[Freeswitch-users] Blocking incoming calls
Andrew Cassidy
andrew at cassidywebservices.co.uk
Wed Mar 13 12:55:45 MSK 2013
Set up firewall rules only allowing traffic from your providers' IP address.
On 13 March 2013 09:08, Clive Lansink <clive at lansink.co.nz> wrote:
> Hello. I hope someone can quickly see what I want to do and steer me in
> the right direction.
>
> I've looked at the documentation for acl.conf.xml and the SIP profile
> config file external.xml. I want to block incoming calls from all but a
> single external IP address and I'm sorry I just can't figure out how to do
> it or even if it can be done.
>
> We have a SIP trunk service with our VOIP provider. That means we have a
> static IP address which they use when they forward calls to us. They don't
> need to register, we just accept their calls but of course they have to be
> to our destination phone number. That all works and we have been very happy
> with Freeswitch for I don't know well over a year.
>
> Recently I became aware that someone is hammering our system trying to
> make calls. Our provider will only use port 5060 so that does mean our
> system is sitting on the internet with port 5060 open. Our dial plan works
> correctly and I can see in the log these calls are going nowhere. But they
> can be every few seconds and I suspect they might be using a lot of
> bandwidth just hammering the system.
>
> We will never receive calls from any other address than the one our VOIP
> provider will use to call us. So I just want to block SIP traffic from all
> addresses except theirs. I just want Freeswitch to stay silent when a call
> comes in on any other address, so there is no evidence that it is there to
> be attacked.
>
> I know I can do this with a firewall but I hope I can do it in Freeswitch
> itself. I am confused about the parameters auth-calls and auth-call and how
> to apply an access list that would restrict all calls to just one IP
> address. I did read somewhere in the docs that if you want to block calls
> you need to use a firewall and maybe that's the answer and so be it. Still
> I hope I can do it with Freeswitch so I can just apply the right ACL and
> sort the problem without creating new problems by introducing a firewall.
>
> Hope you can help.
>
>
> Clive Lansink
> Email: Clive at Lansink.Co.NZ
> Phone: +64 9 520-4242
> Mobile: +64 21 663-999
> Fax: +64 21 789-150
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
--
*Andrew Cassidy BSc (Hons) MBCS SSCA*
Managing Director
*T <info at cassidywebservices.co.uk> *03300 100 960
*F<info at cassidywebservices.co.uk>
*03300 100 961
*E <info at cassidywebservices.co.uk> *andrew at cassidywebservices.co.uk
*W <info at cassidywebservices.co.uk> *www.cassidywebservices.co.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130313/1e2c4416/attachment-0001.html
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list