On 04/04/2013 03:49 PM, Per Jessen wrote:
Here is what I used to have:
## SIP flood protection
$IPTABLES -A INPUT -i $EXTERNALIF -p udp --dport 5060 -m recent --name sipattack --set
$IPTABLES -A INPUT -i $EXTERNALIF -p udp --dport 5060 -m recent --name sipattack --update --seconds 60 --hitcount 6 -j LOG --log-prefix 'SIP attack: '
$IPTABLES -A INPUT -i $EXTERNALIF -p udp --dport 5060 -m recent --name sipattack --update --seconds 60 --hitcount 6 -j DROP
I don't currently have any external SIP users, but I'm pretty certain the above also gave legitimate users a problem. I'm wondering if it is because the firewall needs to look into the SIP packet to be able to determine what it is.
In addition I have
FW_EXT_UDP=10000:20000
since my rtf.conf is
rtpstart=10000
rtpend=20000

On the other hand today is (touch wood) a relatively silent day

Togan
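Added example, not part of the original messages: a simplified Python model of how the three quoted rules use the recent match (--set on every packet, --update adding a timestamp whenever it matches), run over constructed traffic. It shows one ordinary authenticated call reaching hitcount 6, and a slow sender staying blocked afterwards; the source addresses, packet times and the default ip_pkt_list_tot of 20 are assumptions.

```python
from collections import defaultdict, deque

SECONDS, HITCOUNT = 60, 6   # values from the quoted rules
PKT_LIST_TOT = 20           # assumed: xt_recent default ip_pkt_list_tot

class RecentList:
    """Simplified model of one recent list (here: 'sipattack')."""
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # --set: always matches and records a timestamp for the source
        self.stamps[src].append(now)

    def update(self, src, now):
        # --update --seconds N --hitcount M: match if >= M stamps in the
        # last N seconds; a match records one more timestamp
        hits = sum(1 for t in self.stamps[src] if t >= now - SECONDS)
        if hits >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False

def verdicts(packets):
    """packets: list of (time_s, src) to udp/5060. Returns one verdict each."""
    recent, out = RecentList(), []
    for now, src in packets:
        recent.set(src, now)               # rule 1: --set
        recent.update(src, now)            # rule 2: -j LOG, processing continues
        dropped = recent.update(src, now)  # rule 3: -j DROP
        out.append("DROP" if dropped else "ACCEPT")
    return out

PHONE, OTHER = "198.51.100.7", "203.0.113.9"   # constructed addresses
# Constructed inbound packets of one phone: REGISTER, REGISTER+auth,
# INVITE, ACK (to the 401), INVITE+auth, ACK (to the 200), BYE
CALL = [(t, PHONE) for t in (0.0, 0.2, 5.0, 5.2, 5.3, 8.0, 30.0)]
# One packet every 20 s afterwards, e.g. retransmissions or keepalives
SLOW = [50.0, 70.0, 90.0, 110.0, 130.0]

if __name__ == "__main__":
    print("call:         ", verdicts(CALL))
    print("after block:  ", verdicts(CALL + [(t, PHONE) for t in SLOW])[7:])
    print("same rate new:", verdicts([(t, OTHER) for t in SLOW]))
```

In this model the sixth packet of the call is dropped, and because every dropped packet adds three timestamps (one per rule), a phone sending only three packets a minute never drops back under the hit count.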