On Sunday 2012-03-04 05:39, Kerin Millar wrote:
> On 21/01/2011 02:05, Max DiOrio wrote:
>> I was also hoping someone can provide some guidance on leaving the RTP
>> ports UDP 10000:20000 open to all IP's on the WAN. What type of
>> security issue will this raise? Should I install Fail2Ban in this
>> setup? The only issue I have with Fail2Ban was that it blocked my
>> access from the LAN within 15 seconds of it coming online.
>
> They needn't be open at all. Instead, load the ip_conntrack_sip module and
> ensure that your iptables policy is stateful.
>
> http://www.iptel.org/sipalg/

This is all outdated material. It's nf_conntrack_sip and has been long merged into the kernel already.
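The advice in this thread, shown as an added example that is not code from any of the posters: a ruleset that opens the RTP range statically beside a stateful one that relies on the nf_conntrack_sip helper, plus a small audit function that tells them apart. Assumptions: the rulesets are constructed, abridged samples in iptables-save format, `eth0` is the WAN interface, the SIP endpoint runs on the firewall host itself (INPUT chain), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed, abridged rulesets in iptables-save format; eth0 = WAN is an assumption.
weak_ruleset() {        # the RTP range from the question, open to any source
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 10000:20000 -j ACCEPT
COMMIT
EOF
}
# Only SIP signalling is opened. nf_conntrack_sip reads the SDP and registers an
# expectation, so the RTP flow arrives as RELATED. The raw-table CT rule assigns
# the helper explicitly (needed where automatic helper assignment is disabled).
stateful_ruleset() {
cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p udp -m udp --dport 5060 -j CT --helper sip
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
COMMIT
EOF
}

# audit_ruleset: read a ruleset on stdin, print one line per finding,
# return 0 when clean and 1 otherwise.
audit_ruleset() {
    rules=$(cat)
    rc=0
    if printf '%s\n' "$rules" | grep -Eq -- '-p udp .*--dport [0-9]+:[0-9]+ .*-j ACCEPT'; then
        echo "FINDING: static ACCEPT for a UDP port range"; rc=1
    fi
    if ! printf '%s\n' "$rules" | grep -Eq -- '--(ct)?state [A-Z,]*RELATED'; then
        echo "FINDING: no RELATED rule, helper expectations would be dropped"; rc=1
    fi
    if ! printf '%s\n' "$rules" | grep -Eq -- '-j CT --helper sip'; then
        echo "FINDING: no explicit SIP helper assignment (CT --helper sip)"; rc=1
    fi
    return "$rc"
}

for r in weak_ruleset stateful_ruleset; do
    echo "== $r"
    "$r" | audit_ruleset || true
done
```

On a live host the same function can be fed from `iptables-save`, and `lsmod` shows whether `nf_conntrack_sip` is loaded.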