Through a firewall I permit what the GNU/GK is configured for and nothing else, although I do block port 7000. You can also use iptables to block access to port 7000 on a local machine. I have been able to bind it to specific IPs with the Home= and Bind=, but that applies to all services in GNU/GK. It would be great to have a ServicesPortBind= config option.

Andrew

-----Original Message-----
From: Robert Kulagowski
Sent: Wednesday, November 02, 2011 12:26 PM
To: GNU Gatekeeper Users
Subject: Restricting ports?

From a security perspective, has anyone found reason to restrict the ports that GnuGk uses? I'm assuming that opening UDP 1025-65535, TCP/1719 and TCP/1720 to the internet is all that's required for full functionality?

Also, it appears that the status port (7000) binds to all interfaces. Is there a configuration switch to only allow it to bind to a particular interface or IP address? In a dual-nic proxy situation, it would be better to not even listen to the external port, even with appropriate firewall rules in place. I use multiple secondary addresses on my external NIC and each of them is listening to 1720 and 7000.

Jan, would you consider a doc patch that details the ports and the traffic direction that needs to be configured for firewalls?

Direction   TCP/UDP   port(s)   Purpose
In          TCP       1720      Control port

(etc)

_______________________________________________________
Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
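
A check for the exposure discussed in this thread, as an added example that is not part of the original messages or of GnuGk: it reads `ss -H -ltn` output and reports listeners on status port 7000 that are bound to a wildcard address or to an address outside an allow-list. The sample listener lines and the allow-listed addresses are constructed for illustration.

```shell
#!/bin/sh
# Audit where the GnuGk status port is listening.
# Real use:  ss -H -ltn | audit_status_listeners 127.0.0.1 ::1
STATUS_PORT=7000   # status port named in the thread

# audit_status_listeners ALLOWED_ADDR...
# Reads `ss -H -ltn` lines on stdin (State Recv-Q Send-Q Local Peer).
# Prints "WILDCARD <local>" for binds that cover every interface and
# "EXPOSED <local>" for specific addresses not in the allow-list.
audit_status_listeners() {
    awk -v port="$STATUS_PORT" -v allowed="$*" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $1 == "LISTEN" {
        laddr = $4
        p = laddr
        sub(/.*:/, "", p)                 # port = text after last colon
        if (p != port) next
        addr = substr(laddr, 1, length(laddr) - length(p) - 1)
        sub(/^\[/, "", addr)              # strip IPv6 brackets
        sub(/\]$/, "", addr)
        if (addr == "0.0.0.0" || addr == "*" || addr == "::")
            print "WILDCARD " laddr
        else if (!(addr in ok))
            print "EXPOSED " laddr
    }'
}

# Constructed sample: a dual-NIC host with an internal address (10.0.0.5)
# and two external addresses (192.0.2.10, 192.0.2.11).
sample_ss() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:7000 0.0.0.0:*
LISTEN 0 128 192.0.2.10:1720 0.0.0.0:*
LISTEN 0 128 192.0.2.11:1720 0.0.0.0:*
LISTEN 0 128 10.0.0.5:7000 0.0.0.0:*
LISTEN 0 128 192.0.2.10:7000 0.0.0.0:*
LISTEN 0 128 [::1]:7000 [::]:*
EOF
}

# Allow the status port only on loopback and the internal address.
sample_ss | audit_status_listeners 127.0.0.1 ::1 10.0.0.5
```

Any line of output means the status port is still reachable on an address that should be covered by a bind setting or a firewall rule.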