Iptables rules to only whitelist SIP providers

1

I have an Asterisk box sitting behind an ADSL router/modem. There are no other services on the Asterisk box, just telephony. I am getting a lot of traffic which I think are SIP probes. I've installed the sippot rbl client which adds 1400 addresses to block to my iptables, but I'm still getting unsolicited traffic.

I think the solution is to block all traffic on Asterisk except local traffic (192.168.1.n) and VPN traffic (Hamachi 25.213.n.n), and only whitelist the 2 VoIP providers I use. I don't have any outside-the-office SIP lines, so I don't need fancy rules to track mobile users or other offices.

How do I do this?

HappySpoon

Posted 2014-07-01T23:40:56.847

Reputation: 171

Answers

1

You'll want to add something like this to /etc/sysconfig/iptables:

-A INPUT -s 192.168.1.0/24 -j ACCEPT -m comment --comment "local traffic"
-A INPUT -s 25.213.0.0/16 -j ACCEPT -m comment --comment "VPN traffic"
-A INPUT -s 1.2.3.4/32 -j ACCEPT -m comment --comment "SIP provider 1"
-A INPUT -s 5.6.7.8/32 -j ACCEPT -m comment --comment "SIP provider 2"

These rules should go just above the default deny rule, which typically looks something like this:

-A INPUT -j REJECT --reject-with icmp-host-prohibited -m comment --comment "default deny"

You can also add things using the iptables command, but without knowing what rule number you want to insert, it's easier to just edit the text file.

miken32

Posted 2014-07-01T23:40:56.847

Reputation: 431
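As an added example (not part of miken32's answer), the script below generates that same whitelist-then-default-deny fragment in iptables-restore format and includes a dry-run check that reports which source addresses the rule order would accept, so you can sanity-check the ruleset before loading it; the two provider addresses are the answer's placeholders and must be replaced with the real ones.

```bash
#!/usr/bin/env bash
# Constructed example: emit the whitelist rules above a default deny and
# dry-run them against candidate source addresses. Provider addresses are
# placeholders, not real SIP provider ranges.

# "CIDR|comment" entries, in the order they should appear above the default deny.
ALLOW_LIST="192.168.1.0/24|local traffic
25.213.0.0/16|VPN traffic
1.2.3.4/32|SIP provider 1
5.6.7.8/32|SIP provider 2"

# Print an iptables-restore fragment: every whitelisted source is accepted,
# then everything else that reaches INPUT is rejected.
gen_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' "$ALLOW_LIST" | while IFS='|' read -r net comment; do
        printf -- '-A INPUT -s %s -j ACCEPT -m comment --comment "%s"\n' "$net" "$comment"
    done
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited -m comment --comment "default deny"'
    printf '%s\n' 'COMMIT'
}

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed (status 0) when address $1 lies inside CIDR $2.
in_cidr() {
    local ip net bits mask
    ip=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    bits=${2#*/}
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Dry-run: walk the whitelist in rule order and report the verdict for a
# source address. Returns 0 for ACCEPT, 1 when the default deny would apply.
check_source() {
    local net comment
    while IFS='|' read -r net comment; do
        if in_cidr "$1" "$net"; then
            echo "ACCEPT ($comment)"
            return 0
        fi
    done <<EOF
$ALLOW_LIST
EOF
    echo "REJECT (default deny)"
    return 1
}
```

Run `gen_rules` to see the fragment and `check_source 1.2.3.4` to confirm a provider address lands on an ACCEPT rule before the default deny.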

0

You can use fail2ban to ban bad attacks.

If you use VPN, you can just turn off port 5060 forwarding on your router.

arheops

Posted 2014-07-01T23:40:56.847

Reputation: 977