IPTABLES Firewall for CentOS/Elastix

Eham

#1
As I mentioned in another thread, I have created an IPTABLES firewall script for Elastix/CentOS. It takes into account allowing all outbound and established connections, RTP port ranges, signaling, Hylafax print-to-fax passive FTP, SSH, and HTTPS.

My intention was to negate the need for another piece of hardware to control firewalling and put the Elastix box directly on the public internet, mainly because I am using SIP trunking without any analog cards whatsoever. So far so good. My nmap port scan on the box shows that the back-end stuff is locked out. If the admins at Elastix are interested, I can supply my code as a favor for offering such a great open-source product.
 

lek

Guest
#2
Thanks a lot for your post Eham!!

Sure, we're interested. Please send us an email to info at elastix dot org
 

steven.delport

#3
Why not just post it here? I am also interested. I would like a box at my ISP with SIP connections to my providers, then my home box connected via an IAX2 trunk to that box.
 

suliman317

#4
Here is my script that configs iptables. You will need iptables already installed and running. It will deny all traffic coming in and then selectively allow traffic in, and will allow all traffic coming in from trusted networks.

#!/bin/bash
#
# Flush all current rules from iptables
#
iptables -F
#
# Allow SSH connections on tcp port 22
# This is essential when working on remote servers via SSH to prevent locking yourself out of the system
#
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#
#Allow HTTPS Connections
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Set default policies for INPUT, FORWARD and OUTPUT chains
#
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#
# Set access for localhost
#
iptables -A INPUT -i lo -j ACCEPT
#
# Accept packets belonging to established and related connections
#
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
#
# open up all traffic to these trusted IP's only
# Accept packets from trusted IP addresses
iptables -A INPUT -s 204.157.3.70 -j ACCEPT # mirror.cogentco.com
iptables -A INPUT -s 38.126.208.170 -j ACCEPT # www.palosanto.com
#
# Save settings
#
/sbin/service iptables save
#
#
echo 'restarting after save'
#
#
/sbin/service iptables restart
echo 'here are your rule set'
#
# List rules
iptables -L -v
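
An added example, not written by any poster in this thread: a variant of the approach in post #4 that prints an iptables-restore ruleset, so the whole filter table is replaced in one step, and that opens the SIP, IAX2 and RTP ports mentioned in posts #1 and #3 only to named trunk-provider addresses. The port numbers (Asterisk defaults 5060/udp, 4569/udp and 10000-20000/udp), the function names and the sample addresses are assumptions.

```bash
#!/bin/bash
# Added example: emit an iptables-restore ruleset for a SIP/IAX2 PBX.
# Assumed ports: SIP 5060/udp, IAX2 4569/udp, RTP 10000-20000/udp
# (Asterisk defaults; compare with sip.conf, iax.conf and rtp.conf).

# Return 0 only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, bad chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# generate_rules PROVIDER_IP...
# Prints the ruleset; prints nothing and returns 1 if any address is malformed,
# so a typo can never produce a half-built firewall.
generate_rules() {
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid provider address: $ip" >&2; return 1; }
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
EOF
    for ip in "$@"; do
        echo "-A INPUT -s $ip -p udp --dport 5060 -j ACCEPT"         # SIP signaling
        echo "-A INPUT -s $ip -p udp --dport 4569 -j ACCEPT"         # IAX2 trunk
        echo "-A INPUT -s $ip -p udp --dport 10000:20000 -j ACCEPT"  # RTP media
    done
    echo "COMMIT"
}

# Constructed provider addresses from the documentation ranges (RFC 5737).
# As root: generate_rules 192.0.2.10 198.51.100.20 | iptables-restore
```

Unlike the trusted-IP rules in post #4, the provider rules here accept only the three VoIP port ranges from each address rather than all traffic.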
 
