On 27-01-14 13:32, Jerry Geis wrote: > I have a rule in iptables to drop certain packets from addresses, like: > > iptables --list | grep 37 > DROP all -- 37.0.0.0/8 anywhere > > So I am wondering how this got through??? > > [Jan 27 02:36:52] NOTICE[9298][C-000005ce] chan_sip.c: Call from '' ( > 37.8.28.217:10024) to extension '888888011972592871997' rejected because > extension not found in context 'default' > > Shouldn't the firewall have dropped it? That depends on the other rules. If there was a previous rule allowing access then the answer is no. But that's difficult to tell without knowing which rules are active so the output of iptables -n -L would help. If you are not using fail2ban I highly recommend installing it and add/enable the asterisk rules. Regards, Patrick _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos