Re: Question on iptables




On 27-01-14 13:32, Jerry Geis wrote:
> I have a rule in iptables to drop certain packets from addresses, like:
>
> iptables --list | grep 37
> DROP       all  --  37.0.0.0/8           anywhere
>
> So I am wondering how this got through???
>
> [Jan 27 02:36:52] NOTICE[9298][C-000005ce] chan_sip.c: Call from '' (
> 37.8.28.217:10024) to extension '888888011972592871997' rejected because
> extension not found in context 'default'
>
> Shouldn't the firewall have dropped it?

That depends on the other rules. If there was a previous rule allowing 
access then the answer is no. But that's difficult to tell without 
knowing which rules are active so the output of iptables -n -L would help.

If you are not using fail2ban I highly recommend installing it and 
adding/enabling the asterisk rules.

Regards,
Patrick
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
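
Added example, not part of the original message: a first-match walk over a ruleset in `iptables -S INPUT` format, showing how an earlier ACCEPT rule shadows a later DROP for the same source. The ruleset is constructed for illustration, the destination port 5060/udp for the SIP call is an assumption, and only `-s`, `-p`, `--dport` and `--state`/`--ctstate` matches (without `!` negation) are modelled.

```python
import ipaddress

# Constructed ruleset in `iptables -S INPUT` format; not the poster's real rules.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s 37.0.0.0/8 -j DROP
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def rule_matches(opts, src, proto, dport):
    """True if a NEW packet (src, proto, dport) satisfies every match in opts."""
    if "-s" in opts and src not in ipaddress.ip_network(opts["-s"], strict=False):
        return False
    if "-p" in opts and opts["-p"] not in (proto, "all"):
        return False
    if "--dport" in opts and opts["--dport"] != str(dport):
        return False
    states = opts.get("--state") or opts.get("--ctstate")
    if states and "NEW" not in states.split(","):
        return False
    return True


def first_match(rules_text, src_ip, proto, dport, chain="INPUT"):
    """Return (position, target, rule) of the first terminating rule hit.

    Position 0 means no rule matched and the chain policy decided.
    """
    src = ipaddress.ip_address(src_ip)
    policy, position = "ACCEPT", 0
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:2] == ["-P", chain]:
            policy = tok[2]
        elif tok[:2] == ["-A", chain]:
            position += 1
            # Options come as flag/value pairs after "-A CHAIN".
            opts = dict(zip(tok[2::2], tok[3::2]))
            if opts.get("-j") in TERMINATING and rule_matches(opts, src, proto, dport):
                return position, opts["-j"], line
    return 0, policy, "-P %s %s" % (chain, policy)
```

With the sample rules, `first_match(SAMPLE_RULES, "37.8.28.217", "udp", 5060)` stops at rule 2 (ACCEPT) and never reaches the DROP at rule 3; the position corresponds to the numbering shown by `iptables -n -L --line-numbers`.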



