<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
Malay,<br>
<br>
I use apply-inbound-acl="providers" in my SIP profile. Then I define
my providers' IP addresses in the ACL "providers" (within acl.conf.xml).<br>
This way all other IPs are forced to authorize in order to place
calls through. <br>
Why bother with a firewall if FreeSWITCH has built-in ACL
functionality?<br>
<br>
Regards,<br>
Victor<br>
<br>
On -10/01/37 02:59 PM, David Ponzone wrote:
<blockquote
cite="mid:%3C54AB9D1D-BFE7-4685-B098-ECB3806C3666@ipeva.fr%3E"
type="cite">You should do that in your firewall.
<div>The quicker you filter, the better.</div>
<div><br>
</div>
<div>I would not care much about the RTP traffic.</div>
<div>So you need to filter SIP.</div>
<div>And I really don't think Vitelity is going to change
the IP of their softswitch/SBC very often, and if they do, they
should tell you.</div>
<div><br>
</div>
<div>If Vitelity's IP is X and your SIP port is 5060, what you
should do as filters is:</div>
<div>allow UDP from X to yourIP:5060 (this will match SIP packets
coming from Vitelity)</div>
<div>deny UDP from all to yourIP:5060 (this will match malicious
SIP packets)</div>
<div>allow UDP from all to all (this will match the RTP traffic
and other UDP traffic)</div>
<div>and then add your other usual filters</div>
<div><br>
</div>
<div>
<div apple-content-edited="true"> <span
class="Apple-style-span" style="border-collapse: separate;
color: rgb(0, 0, 0); font-family: Helvetica; font-size:
14px; font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: 2; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;">
<div style="word-wrap: break-word;"><span
class="Apple-style-span" style="border-collapse:
separate; color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 14px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: 2; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px;">
<div style="word-wrap: break-word;">
<div><font class="Apple-style-span" face="'Helvetica
Neue'"><font class="Apple-style-span"
color="#1c00ff">David Ponzone </font><font
class="Apple-style-span" size="3"
color="#000000"><span class="Apple-style-span"
style="font-size: 12px;">Direction Technique</span></font></font></div>
<div><font class="Apple-style-span" face="'Helvetica
Neue'"><font class="Apple-style-span" size="3"><span
class="Apple-style-span" style="font-size:
13px;">email: <a moz-do-not-send="true"
href="mailto:david.ponzone@ipeva.fr">david.ponzone@ipeva.fr</a></span></font></font></div>
<div><font class="Apple-style-span" face="'Helvetica
Neue'"><font class="Apple-style-span" size="3"><span
class="Apple-style-span" style="font-size:
13px;">tel: 01 74 03 18 97</span></font></font></div>
<div><font class="Apple-style-span" face="'Helvetica
Neue'"><font class="Apple-style-span" size="3"><span
class="Apple-style-span" style="font-size:
13px;">gsm: 06 66 98 76 34</span></font></font></div>
<div><font class="Apple-style-span" face="'Helvetica
Neue'"><br>
</font></div>
<div><font class="Apple-style-span" color="#1c00ff"
face="'Helvetica Neue'">Service Client<span
class="Apple-converted-space"> </span></font><font
class="Apple-style-span" face="'Helvetica Neue'"><font
class="Apple-style-span" color="#ff0000">IP</font></font><font
class="Apple-style-span" color="#1c00ff"
face="'Helvetica Neue'">eva</font></div>
<div><font class="Apple-style-span" color="#1c00ff"
face="'Helvetica Neue'"><span
class="Apple-style-span" style="color: rgb(0, 0,
0); font-family: Helvetica;">
<div><font class="Apple-style-span"
face="'Helvetica Neue'"><font
class="Apple-style-span" size="3"><span
class="Apple-style-span"
style="font-size: 13px;">tel: 0811
46 26 26</span></font></font></div>
<div><font class="Apple-style-span" size="3"
face="'Helvetica Neue'"><span
class="Apple-style-span" style="font-size:
13px;">
<div style="margin: 0px; font: 10px Arial;
color: rgb(0, 34, 243);"><span
style="text-decoration: underline;"><a
moz-do-not-send="true"
href="BLOCKED::http://www.ipeva.fr/">www.ipeva.fr</a></span><span
style="color: rgb(101, 104, 149);">
- <span style="color: rgb(0, 34,
243); text-decoration: underline;"><a
moz-do-not-send="true"
href="BLOCKED::http://www.ipeva-studio.com/">www.ipeva-studio.com</a></span></span></div>
<div style="margin: 0px; font: 10px Arial;
color: rgb(0, 34, 243);"><span
class="Apple-style-span"
style="text-decoration: underline;"><br>
</span></div>
<div style="margin: 0px; font: 10px Arial;
color: rgb(0, 34, 243);"><span
class="Apple-style-span">
<div style="margin: 0px; text-align:
justify; font: 10px Arial; color:
rgb(192, 192, 192);"><i>This message
and all attachments are confidential
and intended solely for its
addressees. Any unauthorized use
or distribution is prohibited.
Any electronic message is liable
to alteration. </i><b><i>IPeva</i></b><i> declines
all responsibility for this
message if it has been altered,
distorted or falsified. If you
are not the intended recipient of
this message, please destroy it
immediately and notify the
sender.</i></div>
<div style="text-decoration:
underline; text-align: justify;"><font
class="Apple-style-span"
color="#c0c0c0"><i><br>
</i></font></div>
</span></div>
</span></font></div>
</span></font></div>
</div>
</span><br class="Apple-interchange-newline">
</div>
</span><br class="Apple-interchange-newline">
</div>
<br>
<div>
<div>On 23/08/2010 at 23:11, Malay Thakershi wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">That is true. So do I block all other
IPs in my firewall? Or do I configure that in FreeSWITCH?
Also, how can I be sure my provider's IP will remain the same? (I
use Vitelity)
<div><br>
</div>
<div>Please let me know.<br>
<br>
<div class="gmail_quote"> On Mon, Aug 23, 2010 at 3:03 PM,
David Ponzone <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:david.ponzone@ipeva.fr">david.ponzone@ipeva.fr</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div style="word-wrap: break-word;">If I understand
correctly, you expect calls from the PSTN, so only from
the known IPs of your provider?
<div>You can then filter all other IPs going to your
port X (5060, 5080, your mileage may vary).</div>
<div><br>
</div>
<div>Also, a call coming to a port you don't use (so
not opened) should not have ANY impact.</div>
<div>It should not even hit the dialplan.</div>
<div>It should be rejected with ICMP port
unreachable by the Windows TCP/IP stack.</div>
<div>
<div class="im"><br>
<br>
</div>
<div>
<div>On 23/08/2010 at 21:47, Malay Thakershi
wrote:</div>
<div>
<div class="h5"><br>
<blockquote type="cite">I am going through
the documentation, but it seems iptables can
eliminate calls being made on ports other
than the required ones.
<div><br>
</div>
<div>But my server is Windows. How do I
run iptables command?</div>
<div><br>
</div>
<div>Also, could you tell me if I block
all incoming ports other than 5060 and
5061, will my regular inbound calls
work?</div>
<div><br>
</div>
<div>Thank you.</div>
<div><br>
</div>
<div><br>
<br>
<div class="gmail_quote"> 2010/8/23
Brian West <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:brian@freeswitch.org"
target="_blank">brian@freeswitch.org</a>></span><br>
<blockquote class="gmail_quote"
style="margin: 0pt 0pt 0pt 0.8ex;
border-left: 1px solid rgb(204, 204,
204); padding-left: 1ex;"> David,<br>
No Clue, Never Used It, Can't
Say...<br>
<font color="#888888"><br>
/b<br>
</font>
<div><br>
On Aug 23, 2010, at 2:32 PM, David
Ponzone wrote:<br>
<br>
> Brian<br>
><br>
> he can't add an ACL with
FreePBX ?<br>
><br>
> On 23/08/2010 at 21:26, Brian
West wrote:<br>
><br>
>> Well you're using FreePBX
right? The only course of action
you have is to find out why it's
crashing and report the issue
on our Jira. Without any more
info to go on you're SOL.<br>
>><br>
>> <a
moz-do-not-send="true"
href="http://www.google.com/search?hl=en&client=safari&rls=en&defl=en&q=define:Vishing&sa=X&ei=RstyTO24JI_Znge7-6yNCw&ved=0CBIQkAE"
target="_blank">http://www.google.com/search?hl=en&client=safari&rls=en&defl=en&q=define:Vishing&sa=X&ei=RstyTO24JI_Znge7-6yNCw&ved=0CBIQkAE</a><br>
>><br>
>> /b<br>
<br>
<br>
</div>
<div>
<div>_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:FreeSWITCH-users@lists.freeswitch.org"
target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a
moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org"
target="_blank">http://www.freeswitch.org</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
</div>
</div>
<br>
</div>
</div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
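The three firewall filters quoted in this thread only work as intended when evaluated in order, first match wins. The following is an added example, not code from any poster or from FreeSWITCH: it models those rules and audits which SIP ports a non-provider address can still reach, including port 5080, which the earlier reply mentions as another possible SIP port. The addresses and the RTP port 16384 are constructed placeholders for "X", "yourIP" and media traffic.

```python
import ipaddress
from typing import NamedTuple, Optional

PROVIDER = "203.0.113.10"   # constructed stand-in for "X" (provider's SIP address)
MY_IP = "198.51.100.5"      # constructed stand-in for "yourIP"
ANY = "0.0.0.0/0"

class Rule(NamedTuple):
    action: str             # "allow" or "deny"
    src: str                # source network, CIDR
    dst: str                # destination network, CIDR
    dport: Optional[int]    # destination UDP port, None means any port

# The three filters from the reply, in the order they were given.
RULES = [
    Rule("allow", PROVIDER + "/32", MY_IP + "/32", 5060),
    Rule("deny", ANY, MY_IP + "/32", 5060),
    Rule("allow", ANY, ANY, None),
]

def decide(rules, src, dst, dport, default="deny"):
    """Return the action of the first rule that matches a UDP packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action
    return default

def audit(rules, sip_ports, stranger="192.0.2.77"):
    """List SIP ports that an address other than the provider can still reach."""
    return [p for p in sip_ports if decide(rules, stranger, MY_IP, p) == "allow"]

if __name__ == "__main__":
    print(decide(RULES, PROVIDER, MY_IP, 5060))        # provider SIP
    print(decide(RULES, "192.0.2.77", MY_IP, 5060))    # SIP from an unknown host
    print(decide(RULES, "192.0.2.77", MY_IP, 16384))   # RTP from anywhere
    print(audit(RULES, [5060, 5080]))                  # SIP ports still exposed
    print(audit(RULES[::-1], [5060, 5080]))            # same rules, reversed order
```

The audit shows that a SIP profile listening on any port other than 5060 falls through to the final allow rule, so each SIP port in use needs its own allow/deny pair ahead of it.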
</body>
</html>