I thought about this to, using ipchains and setting up some firewall rules to allow only certain IPs but it was much simpler for me to write something out quick at the time then to start experimenting with firewall rules in linux. I just thought this would be much quicker for me since I'm not a firewall guru and later on I would play with this scenario. Perhaps someone has some gnugk firewall scripts that they can share. Regards, Freddy -----Original Message----- From: openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx [mailto:openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of Zygmuntowicz Michal Sent: Monday, September 27, 2004 4:10 PM To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: IP based Auth with unregisterd enpoints. Note that for such simple scenario, a much better choice is to cut the IPs on a firewall. It gives much better performance/DoS resistance. ----- Original Message ----- From: "Freddy Parra" <fparra@xxxxxxxxxx> Sent: Monday, September 27, 2004 6:51 PM Right now as far as I know the only way is through radius authentication which supports setupunreg rule. I do have a hack for this without using radius. It authenticates based on IP for unregistered endpoints, and its been running for weeks without any problem with main carriers. I'll be happy to post source changes if anyone needs this. This is for 2.2b5. Basically I have an access list in my Configuration like this [SetupUnregAuth] Allow=IP1,IP2,IP3, etc.... Only these IPs will be allowed access. This is good since you no longer have to worry about keeping your entire network open if you set AcceptUnregisteredCalls=1, since this allows anyone to send calls to your gatekeeper. My codes checks for this before executing the access list code. In other words if AcceptUnregisteredCalls=0 then access list is checked. Regards, Freddy ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________________ List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/ ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________________ List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id?49 Homepage: http://www.gnugk.org/
