filtering Ip by country

Patrick_elx

Joined
Dec 14, 2008
Messages
1,120
Likes
0
Points
0
#1
on http://nerdvittles.com/?p=639 an additional layer of security to limit anonymous sip access only from the countries you are expecting call from..

A nice idea to block foreign sip attacks on your server.
 

gamba47

Joined
May 28, 2009
Messages
595
Likes
0
Points
0
#2
Thanks for the link!

Regards. gamba47
 

danardf

Joined
Dec 3, 2007
Messages
8,069
Likes
10
Points
88
#3
Cool Patrick. Very useful. :)
 

Chilling_Silence

Joined
Sep 23, 2008
Messages
488
Likes
0
Points
0
#4
I wanted to restrict access to my VPN so it only accepted connections from within my country (The VPN server was in a DC which gave unlimited national traffic, but big costs for international after 4GB).

Here's what I use, it's a hack-up job but it works surprisingly well!
Code:
iptables --flush
echo 1 > /proc/sys/net/ipv4/ip_forward
cat /root/firewall/routes.txt | while read currline; do iptables -A INPUT -s $currline -p tcp -m tcp --dport 1723 -j ACCEPT; done
iptables -A INPUT -p tcp -m tcp --dport 1723 -j DROP
In routes.txt there's just a plain list, such as:
Code:
110.173.160.0/20
110.44.16.0/22
110.92.16.0/23
111.65.224.0/20
111.69.0.0/16
111.69.2.0/24
112.109.64.0/24
112.109.80.0/21
112.140.176.0/23
112.140.178.0/23
Could be used the same way, but by changing to UDP port 5060 instead? Secure / easy enough?
Most ISP's will give you their IP ranges they use if you ask them :)
 

Members online

Latest posts

Forum statistics

Threads
30,918
Messages
130,924
Members
17,601
Latest member
andrebr
Top