[arm-allstar] Adding IP table rules so only my SIP provider can connect to my node (stop hacking attempts)

Doug Crompton wa3dsp at gmail.com
Tue Aug 28 00:48:50 EDT 2018


Vendel,

It looks right except your local subnet is wrong if it is 192.168.1.x --
it should be 192.168.1.0/16 - change that in your script.

Doug

On Tue, Aug 28, 2018 at 12:45 AM "Vendel via ARM-allstar" <
arm-allstar at hamvoip.org> wrote:

> Hi Doug, I made the changes from your prior message. When I enter
> /sbin/iptables -L, this is what I get…
>
>
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     udp  --  192.168.0.0/16       anywhere             udp dpt:sip
> ACCEPT     udp  --  72.251.239.207       anywhere             udp dpt:sip
> DROP       udp  --  anywhere             anywhere             udp dpt:sip
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> 192.168.0.0/16?
> Sent from Mail for Windows 10
>
> From: Doug Crompton via ARM-allstar
> Sent: Tuesday, August 28, 2018 12:01 AM
> To: ARM Allstar
> Cc: Doug Crompton
> Subject: Re: [arm-allstar] Adding IP table rules so only my SIP provider
> can connect to my node (stop hacking attempts)
>
> Vendel,
>
> I think you have some conflicting statements here.  The complete line to
> allow local sip would be -
>
> $IPT -A INPUT -p udp -s 192.168.1.0/16 --dport 5060 -j ACCEPT
>
>
> *73 Doug*
>
> *WA3DSP*
>
> *http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
>
>
> On Mon, Aug 27, 2018 at 11:08 PM "Vendel via ARM-allstar" <
> arm-allstar at hamvoip.org> wrote:
>
> > Hi Doug, based on my “ipconfig /all” wireless setting response obtained
> > via my laptop, what would my subnet be?
> > Wireless LAN adapter Wi-Fi:
> >
> >    Connection-specific DNS Suffix  . : fios-router.home
> >    Description . . . . . . . . . . . : BCM43142 Wireless Network Adapter
> >    Physical Address. . . . . . . . . : B8-76-3F-BA-95-87
> >    DHCP Enabled. . . . . . . . . . . : Yes
> >    Autoconfiguration Enabled . . . . : Yes
> >    Link-local IPv6 Address . . . . . : fe80::e58f:8344:f8e:eb1b%9(Preferred)
> >    IPv4 Address. . . . . . . . . . . : 192.168.1.25(Preferred)
> >    Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >    Lease Obtained. . . . . . . . . . : Saturday, August 25, 2018 3:28:53 AM
> >    Lease Expires . . . . . . . . . . : Tuesday, August 28, 2018 3:47:00 PM
> >    Default Gateway . . . . . . . . . : 192.168.1.1
> >    DHCP Server . . . . . . . . . . . : 192.168.1.1
> >    DHCPv6 IAID . . . . . . . . . . . : 330855999
> >    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-0B-D2-E7-3C-07-71-6C-A9-6D
> >    DNS Servers . . . . . . . . . . . : 192.168.1.1
> >    NetBIOS over Tcpip. . . . . . . . : Enabled
> >    Connection-specific DNS Suffix Search List :
> >                                        fios-router.home
> >
> > Is it 192.168.1.1? I just want to be sure I get this right. Thanks again,
> > Vendel/ K2DSI.
> >
> >
> > Sent from Mail for Windows 10
> >
> > From: Doug Crompton via arm-allstar
> > Sent: Saturday, August 18, 2018 4:13 PM
> > To: ARM Allstar
> > Cc: Doug Crompton
> > Subject: Re: [arm-allstar] Adding IP table rules so only my SIP provider
> > can connect to my node (stop hacking attempts)
> >
> > Also in my example you also need to change the local subnet to yours. In my
> > case it was 192.168.0.0 - but yours is probably different.
> >
> >
> > *73 Doug*
> >
> > *WA3DSP*
> >
> > *http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
> >
> >
> > On Sat, Aug 18, 2018 at 3:11 PM, "Vendel Boeree via arm-allstar" <
> > arm-allstar at hamvoip.org> wrote:
> >
> > > Hi all, I'm new to the group and would like to know how to add IP table
> > > rules to allow my SIP provider to connect to my node and reject hacking
> > > attempts. I'd try Fail2ban but quite honestly installing it and setting it
> > > up makes my head spin. Thanks in advance, Vendel/ K2DSI.
> > > _______________________________________________
> > >
> > > arm-allstar mailing list
> > > arm-allstar at hamvoip.org
> > > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> > >
> > > Visit the BBB and RPi2/3 web page - http://hamvoip.org
> > >
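Added example, not part of the thread or of the hamvoip scripts: a POSIX shell helper that turns the address and subnet mask from the quoted ipconfig output into CIDR form and prints the three SIP rules in the order shown in the iptables listing (LAN, provider, then DROP). iptables applies the mask to the source address before storing a rule, which is why a rule entered with `-s 192.168.1.0/16` is listed as `192.168.0.0/16`. The function names are assumptions; the rules are only printed, using the thread's `$IPT` variable, so they can be reviewed before going into a script.

```shell
#!/bin/sh
# Added example: derive the LAN CIDR from ipconfig-style values and print
# SIP allow-list rules for review. Nothing here touches the live firewall.

ip_to_int() {            # dotted IPv4 -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {            # 32-bit integer -> dotted IPv4
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

mask_to_prefix() {       # 255.255.255.0 -> 24; fails on a non-contiguous mask
    m=$(ip_to_int "$1"); n=0
    while [ $(( $m & 2147483648 )) -ne 0 ]; do
        n=$(( $n + 1 ))
        m=$(( ($m << 1) & 4294967295 ))
    done
    [ "$m" -eq 0 ] || return 1
    echo "$n"
}

network_of() {           # ADDRESS PREFIX -> network/prefix, as iptables -L shows it
    mask=$(( (4294967295 << (32 - $2)) & 4294967295 ))
    echo "$(int_to_ip $(( $(ip_to_int "$1") & $mask )))/$2"
}

sip_rules() {            # HOST_IP NETMASK PROVIDER_IP -> rule lines, DROP last
    prefix=$(mask_to_prefix "$2") || { echo "bad netmask: $2" >&2; return 1; }
    lan=$(network_of "$1" "$prefix")
    printf '%s\n' \
        "\$IPT -A INPUT -p udp -s $lan --dport 5060 -j ACCEPT" \
        "\$IPT -A INPUT -p udp -s $3 --dport 5060 -j ACCEPT" \
        "\$IPT -A INPUT -p udp --dport 5060 -j DROP"
}

# Address, mask and provider IP as quoted in the thread.
sip_rules 192.168.1.25 255.255.255.0 72.251.239.207
# What a /16 typed with a host-style address is normalised to:
network_of 192.168.1.0 16
```

A /24 source matches only 192.168.1.x, while a /16 matches every 192.168.x.x address; both admit the LAN described in the ipconfig output.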

