[Freeswitch-users] What ports are really necessary?
Karl Schmidt
karl at xtronics.com
Thu Aug 1 03:54:13 MSD 2013
On 07/31/2013 02:50 AM, Ken Rice wrote:
> On a stateful firewall you can also choose to only open the SIP ports. That'll depend on your
> SIP profile settings. 5060 at least, and perhaps 5080 too.
>
> The firewall could look at the SDP, mark the RTP ports as related traffic and automatically open
> them for you too.
This should be possible with the shorewall package - (still a learning curve, but you will be more
likely to maintain your sanity than with command line scripts. shorewall helps avoid creating a
misconfigured firewall).
I am a week or so away from doing this myself - when I do I will write it up.
I think the place to start is here: http://www.shorewall.net/Helpers.html
https://home.regit.org/netfilter-en/secure-use-of-helpers/
,.,.
I probably need to understand this as well:
http://www.shorewall.net/traffic_shaping.htm
http://shorewall.net/manpages/shorewall-tcrules.html
There are really three firewall issues - getting the right ports open - avoiding spoofing attacks -
and traffic shaping.
I would also recommend a separate box for the firewall - not a virtual machine. (I assume someone
someday will find a way to crash the firewall - and I don't want any servers coming down with it.)
--------------------------------------------------------------------------------
Karl Schmidt EMail Karl at xtronics.com
Transtronics, Inc. WEB http://secure.transtronics.com
3209 West 9th Street Ph (785) 841-3089
Lawrence, KS 66049 FAX (785) 841-0434
History may not repeat itself, but it does rhyme a lot. -Mark Twain
--------------------------------------------------------------------------------
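
What "look at the SDP and mark the RTP ports as related" amounts to, as an added example that is not part of the original message and is not code from netfilter or shorewall: it parses the SDP body of a SIP message and lists the UDP flows a stateful helper would have to expect. The sample INVITE is constructed, the function name is hypothetical, and the sketch assumes IPv4 only with RTCP on the RTP port plus one unless an `a=rtcp:` attribute says otherwise.

```python
import re

# Constructed sample INVITE; all addresses are documentation ranges.
SAMPLE_INVITE = (
    "INVITE sip:1000@198.51.100.10:5060 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.5:5060;branch=z9hG4bKconstructed\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 203.0.113.5\r\n"
    "s=-\r\n"
    "c=IN IP4 203.0.113.5\r\n"
    "t=0 0\r\n"
    "m=audio 16384 RTP/AVP 0 8\r\n"
    "a=rtcp:16390\r\n"
    "m=video 16400 RTP/AVP 96\r\n"
    "c=IN IP4 203.0.113.6\r\n"
)

def expected_media_flows(sip_message):
    """Return (label, address, udp_port) for every media flow the SDP announces."""
    head, sep, body = sip_message.partition("\r\n\r\n")
    if not sep or "application/sdp" not in head.lower():
        return []  # no SDP body: only the signalling port is involved
    session_addr, streams, cur, in_media = None, [], None, False
    for line in body.splitlines():
        if line.startswith("m="):
            in_media, cur = True, None
            m = re.match(r"m=(\w+) (\d+)(?:/\d+)? RTP/\S+", line)
            if m and int(m.group(2)) > 0:  # port 0 marks a declined stream
                cur = {"kind": m.group(1), "addr": session_addr,
                       "rtp": int(m.group(2)), "rtcp": int(m.group(2)) + 1}
                streams.append(cur)
        elif line.startswith("c=IN IP4 "):
            addr = line.split()[2].split("/")[0]
            if not in_media:
                session_addr = addr      # session-level default address
            elif cur:
                cur["addr"] = addr       # media-level c= overrides the default
        elif line.startswith("a=rtcp:") and cur:
            cur["rtcp"] = int(line[7:].split()[0])
    flows = []
    for s in streams:
        if s["addr"]:
            flows.append((s["kind"] + "-rtp", s["addr"], s["rtp"]))
            flows.append((s["kind"] + "-rtcp", s["addr"], s["rtcp"]))
    return flows

if __name__ == "__main__":
    for flow in expected_media_flows(SAMPLE_INVITE):
        print(flow)
```

Everything outside the returned list stays closed, which is why only the SIP ports need a static rule when such a helper is in use.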