<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">You should do that in your firewall.<div>The quicker you filter, the better.</div><div><br></div><div>I would not care much about the RTP traffic.</div><div>So you need to filter SIP.</div><div>And I would really don't think Vitelity is going to change the IP of their softswitch/SBC very often, and if they do, they should tell you.</div><div><br></div><div>If Vitelity's IP is X and your SIP port is 5060, what you should do as filters is:</div><div>allow UDP from X to yourIP:5060 (this will match SIP packets coming from Vitelity)</div><div>deny UDP from all to yourIP:5060 (this will match malicious SIP packets)</div><div>allow UDP from all to all (this will match the RTP traffic and other UDP traffic)</div><div>and then add your other usual filters</div><div><br></div><div><div apple-content-edited="true"> <span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><font class="Apple-style-span" face="'Helvetica Neue'"><font class="Apple-style-span" color="#1C00FF">David Ponzone </font><font class="Apple-style-span" color="#000000" size="3"><span class="Apple-style-span" style="font-size: 12px; ">Direction Technique</span></font></font></div><div><font class="Apple-style-span" face="'Helvetica Neue'"><font class="Apple-style-span" size="3"><span class="Apple-style-span" style="font-size: 13px; ">email: <a href="mailto:david.ponzone@ipeva.fr">david.ponzone@ipeva.fr</a></span></font></font></div><div><font class="Apple-style-span" face="'Helvetica Neue'"><font class="Apple-style-span" size="3"><span class="Apple-style-span" style="font-size: 13px; ">tel: 01 74 03 18 97</span></font></font></div><div><font class="Apple-style-span" face="'Helvetica Neue'"><font class="Apple-style-span" size="3"><span class="Apple-style-span" style="font-size: 13px; ">gsm: 06 66 98 76 34</span></font></font></div><div><font class="Apple-style-span" face="'Helvetica Neue'"><br></font></div><div><font class="Apple-style-span" color="#1C00FF" face="'Helvetica Neue'">Service Client<span class="Apple-converted-space"> </span></font><font class="Apple-style-span" face="'Helvetica Neue'"><font class="Apple-style-span" color="#FF0000">IP</font></font><font class="Apple-style-span" color="#1C00FF" face="'Helvetica Neue'">eva</font></div><div><font class="Apple-style-span" color="#1C00FF" face="'Helvetica Neue'"><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-family: Helvetica; "><div><font class="Apple-style-span" face="'Helvetica Neue'"><font class="Apple-style-span" size="3"><span class="Apple-style-span" style="font-size: 13px; ">tel: 0811 46 26 26</span></font></font></div><div><font class="Apple-style-span" face="'Helvetica Neue'" size="3"><span class="Apple-style-span" style="font-size: 13px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 10px/normal Arial; color: rgb(0, 34, 243); "><span style="text-decoration: underline; "><a href="BLOCKED::http://www.ipeva.fr/">www.ipeva.fr</a></span><span style="color: rgb(101, 104, 149); "> - <span style="color: rgb(0, 34, 243); text-decoration: underline; "><a href="BLOCKED::http://www.ipeva-studio.com/">www.ipeva-studio.com</a></span></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 10px/normal Arial; color: rgb(0, 34, 243); "><span class="Apple-style-span" style="text-decoration: underline; "><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 10px/normal Arial; color: rgb(0, 34, 243); "><span class="Apple-style-span"><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; text-align: justify; font: normal normal normal 10px/normal Arial; color: rgb(192, 192, 192); "><i>Ce message et toutes les pièces jointes sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisée est interdite. Tout message électronique est susceptible d'altération. </i><b><i>IPeva</i></b><i> décline toute responsabilité au titre de ce message s'il a été altéré, déformé ou falsifié. Si vous n'êtes pas destinataire de ce message, merci de le détruire immédiatement et d'avertir l'expéditeur.</i></div><div style="text-decoration: underline; text-align: justify; "><font class="Apple-style-span" color="#C0C0C0"><i><br></i></font></div></span></div></span></font></div></span></font></div></div></span><br class="Apple-interchange-newline"></div></span><br class="Apple-interchange-newline"> </div><br><div><div>Le 23/08/2010 à 23:11, Malay Thakershi a écrit :</div><br class="Apple-interchange-newline"><blockquote type="cite">That is true. So do I block all other IP in my firewall? Or do I configure that in FreeSwitch? Also, How can be sure my provider's IP to remain same? (I use vitelity)<div><br></div><div>Please let me know.<br><br><div class="gmail_quote"> On Mon, Aug 23, 2010 at 3:03 PM, David Ponzone <span dir="ltr"><<a href="mailto:david.ponzone@ipeva.fr">david.ponzone@ipeva.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> <div style="word-wrap:break-word">If I understand correctly, you expect calls form PSTN, so only from the known IPs of your provider ?<div>You can then filter all other IPs going to your port X (5060, 5080, your mileage may vary).</div> <div><br></div><div>Also, a call coming to a port you don't use (so not opened) should not have ANY impact.</div><div>It should not even hit the dialplan.</div><div>it should be rejected with ICMP port unreachable by the Windows TCP/IP stack.</div> <div><div class="im"><br><div> <span style="border-collapse:separate;color:rgb(0, 0, 0);font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div style="word-wrap:break-word"> <span style="border-collapse:separate;color:rgb(0, 0, 0);font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div style="word-wrap:break-word"> <div><font face="'Helvetica Neue'"><font color="#1C00FF">David Ponzone </font><font color="#000000" size="3"><span style="font-size:12px">Direction Technique</span></font></font></div><div><font face="'Helvetica Neue'"><font size="3"><span style="font-size:13px">email: <a href="mailto:david.ponzone@ipeva.fr" target="_blank">david.ponzone@ipeva.fr</a></span></font></font></div> <div><font face="'Helvetica Neue'"><font size="3"><span style="font-size:13px">tel: 01 74 03 18 97</span></font></font></div><div><font face="'Helvetica Neue'"><font size="3"><span style="font-size:13px">gsm: 06 66 98 76 34</span></font></font></div> <div><font face="'Helvetica Neue'"><br></font></div><div><font color="#1C00FF" face="'Helvetica Neue'">Service Client<span> </span></font><font face="'Helvetica Neue'"><font color="#FF0000">IP</font></font><font color="#1C00FF" face="'Helvetica Neue'">eva</font></div> <div><font color="#1C00FF" face="'Helvetica Neue'"><span style="color:rgb(0, 0, 0);font-family:Helvetica"><div><font face="'Helvetica Neue'"><font size="3"><span style="font-size:13px">tel: 0811 46 26 26</span></font></font></div> <div><font face="'Helvetica Neue'" size="3"><span style="font-size:13px"><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;color:rgb(0, 34, 243)"><span style="text-decoration:underline"><a>www.ipeva.fr</a></span><span style="color:rgb(101, 104, 149)"> - <span style="color:rgb(0, 34, 243);text-decoration:underline"><a>www.ipeva-studio.com</a></span></span></div> <div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;color:rgb(0, 34, 243)"><span style="text-decoration:underline"><br></span></div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;color:rgb(0, 34, 243)"> <span><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;text-align:justify;color:rgb(192, 192, 192)"><i>Ce message et toutes les pièces jointes sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisée est interdite. Tout message électronique est susceptible d'altération. </i><b><i>IPeva</i></b><i> décline toute responsabilité au titre de ce message s'il a été altéré, déformé ou falsifié. Si vous n'êtes pas destinataire de ce message, merci de le détruire immédiatement et d'avertir l'expéditeur.</i></div> <div style="text-decoration:underline;text-align:justify"><font color="#C0C0C0"><i><br></i></font></div></span></div></span></font></div></span></font></div></div></span><br></div></span><br> </div><br></div><div><div>Le 23/08/2010 à 21:47, Malay Thakershi a écrit :</div> <div><div></div><div class="h5"><br><blockquote type="cite">I am going through documentation but seems iptables can eliminate calls being made on ports other than required ones.<div><br></div><div>But my server is Windows. How do I run iptables command?</div> <div><br></div><div>Also, could you tell me if I block all incoming ports other than 5060 and 5061, will my regular inbound calls work?</div> <div><br></div><div>Thank you.</div><div><br></div><div><br><br><div class="gmail_quote"> 2010/8/23 Brian West <span dir="ltr"><<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> David,<br> No Clue, Never Used It, Can't Say...<br> <font color="#888888"><br> /b<br> </font><div><br> On Aug 23, 2010, at 2:32 PM, David Ponzone wrote:<br> <br> > Brian<br> ><br> > he can't add an ACL with FreePBX ?<br> ><br> > David Ponzone Direction Technique<br> > email: <a href="mailto:david.ponzone@ipeva.fr" target="_blank">david.ponzone@ipeva.fr</a><br> > tel: 01 74 03 18 97<br> > gsm: 06 66 98 76 34<br> ><br> > Service Client IPeva<br> > tel: 0811 46 26 26<br> > <a href="http://www.ipeva.fr" target="_blank">www.ipeva.fr</a> - <a href="http://www.ipeva-studio.com" target="_blank">www.ipeva-studio.com</a><br> ><br> > Ce message et toutes les pièces jointes sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisée est interdite. Tout message électronique est susceptible d'altération. IPeva décline toute responsabilité au titre de ce message s'il a été altéré, déformé ou falsifié. Si vous n'êtes pas destinataire de ce message, merci de le détruire immédiatement et d'avertir l'expéditeur.<br> ><br> ><br> ><br> ><br> > Le 23/08/2010 à 21:26, Brian West a écrit :<br> ><br> >> Well you're using FreePBX right? The only corse of action you have is to find out why its crashing and reporting the issue on our Jira. Without any more info to go on you're SOL.<br> >><br> >> <a href="http://www.google.com/search?hl=en&client=safari&rls=en&defl=en&q=define:Vishing&sa=X&ei=RstyTO24JI_Znge7-6yNCw&ved=0CBIQkAE" target="_blank">http://www.google.com/search?hl=en&client=safari&rls=en&defl=en&q=define:Vishing&sa=X&ei=RstyTO24JI_Znge7-6yNCw&ved=0CBIQkAE</a><br> >><br> >> /b<br> <br> <br> </div><div><div></div><div>_______________________________________________<br> FreeSWITCH-users mailing list<br> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br> </div></div></blockquote></div><br></div> _______________________________________________<br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div></div></div><br></div></div><br>_______________________________________________<br> FreeSWITCH-users mailing list<br> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br> <br></blockquote></div><br></div> _______________________________________________<br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br>UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br>http://www.freeswitch.org<br></blockquote></div><br></div></body></html>