>> why don't you secure the signalling using PKI I think this is the smarter way of doing it.
>> The server on your side of the connection won't accept it unless a secure handshake has
>> been established - job done.

I am familiar with PKI and SSH handshake. In this scenario what would be responsible for securing the handshake? Can we use iptables to match public/private keys and establish a secure connection? We really like to abstract outwards the different services (i.e., leave SIP related doings to the SIP server, and handshake securing to OpenVPN?).

>> OK, that won't prevent you from somebody ddos-ing you, but you could easily protect
>> yourself from this using standard iptables tools.

I think with PKI, and standard iptables ddos is less of an issue?

Guys, thank you so much! And thank you iptables for making our networks a little more secure, and the internet a little more bearable!

Kind Regards,
Nick.