[arm-allstar] Adding IP table rules so only my SIP provider can connect to my node (stop hacking attempts)
Doug Crompton
wa3dsp at gmail.com
Tue Aug 28 01:25:37 EDT 2018
Vendel,
Actually you were right..... 192.168.0.0/16 would work fine. This
would cover any local subnet you would have. So it would cover 192.168.1.x
which I think is your local subnet. So leave it the way it was. You could
make it more specific but it does not matter. Those addresses are not
routed on the Internet side of your router. I use this here and it works
fine. I allow 2 specific outside SIP addresses and all internal.
*73 Doug*
*WA3DSP*
*http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
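
Added example, not part of Doug's message or of any script from the list: a POSIX shell sketch of the allow-list shown in the listing quoted in this message, demonstrating why 192.168.0.0/16 covers a 192.168.1.x LAN and how first-match ordering decides ACCEPT or DROP for SIP traffic. The addresses and port come from the thread; the function names, the /32 on the provider address, and the outside test address are assumptions of this example.

```shell
#!/bin/sh
# Added example. Addresses and port are taken from the thread's listing;
# function names and the /32 on the provider address are assumptions.
SIP_PORT=5060
ALLOW="192.168.0.0/16 72.251.239.207/32"   # local LAN first, then SIP provider

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when address $1 is inside CIDR block $2. Host bits in $2 are masked
# off, so 192.168.1.0/16 and 192.168.0.0/16 describe the same block.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

# First-match verdict for a UDP/5060 packet from source $1.
sip_verdict() {
    for block in $ALLOW; do
        if in_cidr "$1" "$block"; then echo ACCEPT; return 0; fi
    done
    echo DROP
}

# Print the rules in append order: every ACCEPT before the final DROP.
emit_rules() {
    for block in $ALLOW; do
        echo "iptables -A INPUT -p udp -s $block --dport $SIP_PORT -j ACCEPT"
    done
    echo "iptables -A INPUT -p udp --dport $SIP_PORT -j DROP"
}

emit_rules
for src in 192.168.1.25 72.251.239.207 203.0.113.9; do   # last one is a constructed outsider
    echo "$src -> $(sip_verdict "$src")"
done
```

The script only prints the iptables commands; review the output before running it as root on the node.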
On Tue, Aug 28, 2018 at 12:45 AM "Vendel via ARM-allstar" <
arm-allstar at hamvoip.org> wrote:
> Hi Doug, I made the changes from your prior message. When I enter
> /sbin/iptables -L, this is what I get…
>
>
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT udp -- 192.168.0.0/16 anywhere udp dpt:sip
> ACCEPT udp -- 72.251.239.207 anywhere udp dpt:sip
> DROP udp -- anywhere anywhere udp dpt:sip
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> 192.168.0.0/16?
>
> From: Doug Crompton via ARM-allstar
> Sent: Tuesday, August 28, 2018 12:01 AM
> To: ARM Allstar
> Cc: Doug Crompton
> Subject: Re: [arm-allstar] Adding IP table rules so only my SIP provider
> can connect to my node (stop hacking attempts)
>
> Vendel,
>
> I think you have some conflicting statements here. The complete line to
> allow local sip would be -
>
> $IPT -A INPUT -p udp -s 192.168.1.0/16 --dport 5060 -j ACCEPT
>
>
> *73 Doug*
>
> *WA3DSP*
>
> *http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
>
>
> On Mon, Aug 27, 2018 at 11:08 PM "Vendel via ARM-allstar" <
> arm-allstar at hamvoip.org> wrote:
>
> > Hi Doug, based on my “ipconfig /all” wireless setting response obtained
> > via my laptop, what would my subnet be?
> > Wireless LAN adapter Wi-Fi:
> >
> > Connection-specific DNS Suffix . : fios-router.home
> > Description . . . . . . . . . . . : BCM43142 Wireless Network Adapter
> > Physical Address. . . . . . . . . : B8-76-3F-BA-95-87
> > DHCP Enabled. . . . . . . . . . . : Yes
> > Autoconfiguration Enabled . . . . : Yes
> > Link-local IPv6 Address . . . . . : fe80::e58f:8344:f8e:eb1b%9(Preferred)
> > IPv4 Address. . . . . . . . . . . : 192.168.1.25(Preferred)
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > Lease Obtained. . . . . . . . . . : Saturday, August 25, 2018 3:28:53 AM
> > Lease Expires . . . . . . . . . . : Tuesday, August 28, 2018 3:47:00 PM
> > Default Gateway . . . . . . . . . : 192.168.1.1
> > DHCP Server . . . . . . . . . . . : 192.168.1.1
> > DHCPv6 IAID . . . . . . . . . . . : 330855999
> > DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-0B-D2-E7-3C-07-71-6C-A9-6D
> > DNS Servers . . . . . . . . . . . : 192.168.1.1
> > NetBIOS over Tcpip. . . . . . . . : Enabled
> > Connection-specific DNS Suffix Search List : fios-router.home
> >
> > Is it 192.168.1.1? I just want to be sure I get this right. Thanks again,
> > Vendel/ K2DSI.
> >
> >
> >
> > From: Doug Crompton via arm-allstar
> > Sent: Saturday, August 18, 2018 4:13 PM
> > To: ARM Allstar
> > Cc: Doug Crompton
> > Subject: Re: [arm-allstar] Adding IP table rules so only my SIP provider
> > can connect to my node (stop hacking attempts)
> >
> > Also in my example you also need to change the local subnet to yours. In my
> > case it was 192.168.0.0 - but yours is probably different.
> >
> >
> > *73 Doug*
> >
> > *WA3DSP*
> >
> > *http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
> >
> >
> > On Sat, Aug 18, 2018 at 3:11 PM, "Vendel Boeree via arm-allstar" <
> > arm-allstar at hamvoip.org> wrote:
> >
> > > Hi all, I'm new to the group and would like to know how to add IP table
> > > rules to allow my SIP provider to connect to my node and reject hacking
> > > attempts. I'd try Fail2ban but quite honestly installing it and setting it
> > > up makes my head spin. Thanks in advance, Vendel/ K2DSI.
> > > _______________________________________________
> > >
> > > arm-allstar mailing list
> > > arm-allstar at hamvoip.org
> > > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> > >
> > > Visit the BBB and RPi2/3 web page - http://hamvoip.org
> > >