<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#CCCCCC">
I have the exact same problem from time to time and it does consume
bandwidth (~70KB/s) <br>
<br>
fail2ban is implemented in my system and it is great to protect
freeswitch by banning the offending IP to reach FS but it doesn't
stop the traffic to hit the box<br>
<br>
I have found as proposed earlier that firewall rules to block all
traffic except for the SIP provider range to be the best solution<br>
<br>
Like that the bad guys never know that your port is opened.<br>
<br>
/Philippe<br>
<div class="moz-cite-prefix">On 13-03-13 06:28 AM, Alex Lake wrote:<br>
</div>
<blockquote cite="mid:514054D8.8010006@digitalmail.com" type="cite">
<pre wrap="">Isn't fail2ban the usual solution here?
</pre>
<blockquote type="cite">
<pre wrap="">Hello. I hope someone can quickly see what I want to do and steer me in the right direction.
I've looked at the documentation for acl.conf.xml and the SIP profile config file external.xml. I want to block incoming calls from all but a single external IP address and I'm sorry I just can't figure out how to do it or even if it can be done.
We have a SIP trunk service with our VOIP provider. That means we have a static IP address which they use when they forward calls to us. They don't need to register, we just accept their calls but of course they have to be to our destination phone number. That all works and we have been very happy with Freeswitch for I don't know well over a year.
Recently I became aware that someone is hammering our system trying to make calls. Our provider will only use port 5060 so that does mean our system is sitting on the internet with port 5060 open. Our dial plan works correctly and I can see in the log these calls are going nowhere. But they can be every few seconds and I suspect they might be using a lot of bandwidth just hammering the system.
We will never receive calls from any other address than the one our VOIP provider will use to call us. So I just want to block SIP traffic from all addresses except theirs. I just want Freeswitch to stay silent when a call comes in on any other address, so there is no evidence that it is there to be attacked.
I know I can do this with a firewall but I hope I can do it in Freeswitch itself. I am confused about the parameters auth-calls and auth-call and how to apply an access list that would restrict all calls to just one IP address. I did read somewhere in the docs that if you want to block calls you need to use a firewall and maybe that's the answer and so be it. Still I hope I can do it with Freeswitch so I can just apply the right ACL and sort the problem without creating new problems by introducing a firewall.
Hope you can help.
Clive Lansink
Email: <a class="moz-txt-link-abbreviated" href="mailto:Clive@Lansink.Co.NZ">Clive@Lansink.Co.NZ</a>
Phone: +64 9 520-4242
Mobile: +64 21 663-999
Fax: +64 21 789-150
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a class="moz-txt-link-freetext" href="http://www.cudatel.com">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
-----
No virus found in this message.
Checked by AVG - <a class="moz-txt-link-abbreviated" href="http://www.avg.com">www.avg.com</a>
Version: 2012.0.2240 / Virus Database: 2641/5668 - Release Date: 03/12/13
</pre>
</blockquote>
<pre wrap="">
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a class="moz-txt-link-freetext" href="http://www.cudatel.com">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
</pre>
</blockquote>
<br>
</body>
</html>