IPTABLES Firewall for CentOS/Elastix

Discussion in 'General' started by Eham, Nov 16, 2007.

  1. Eham

    Joined:
    Nov 16, 2007
    As I mentioned in another thread, I have created an IPTABLES firewall script for Elastix/CentOS. It takes into account allowing all outbound and established connections, RTP port ranges, signaling, HylaFAX print-to-fax FTP passive mode, SSH, and HTTPS.

    My intention was to negate the need for another piece of hardware to control firewalling and put the Elastix box directly on the public internet, mainly because I am using SIP trunking without any analog cards whatsoever. So far so good. My nmap port scan of the box shows that the back-end stuff is locked out. If the admins at Elastix are interested, I can supply my code as a favor for offering such a great open-source product.
     
  2. lek

    lek Guest

    Thanks a lot for your post Eham!!

    Sure, we're interested. Please send us an email to info at elastix dot org
     
  3. steven.delport

    Joined:
    Feb 3, 2011
    Why not just post it here? I am also interested. I would like a box at my ISP with SIP connections to my providers, and then my home box connected via an IAX2 trunk to that box.
     
  4. suliman317

    Joined:
    Apr 6, 2011
    Here is my script that configures iptables. You will need iptables already installed and running. It will deny all traffic coming in and then selectively allow traffic in, and it will allow all traffic coming in from trusted networks.

    #!/bin/bash
    #
    # Flush all current rules from iptables and delete any user-defined chains
    #
    iptables -F
    iptables -X
    #
    # Set default policies for INPUT, FORWARD and OUTPUT chains
    # (-F does not reset policies, so they are set explicitly here)
    #
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    #
    # Set access for localhost
    #
    iptables -A INPUT -i lo -j ACCEPT
    #
    # Accept packets belonging to established and related connections
    # (kept near the top so replies to our own outbound traffic match early)
    #
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    #
    # Allow SSH connections on tcp port 22
    # This is essential when working on remote servers via SSH to prevent locking yourself out of the system
    #
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    #
    # Allow HTTPS connections (Elastix web interface)
    #
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    #
    # Open up all traffic to these trusted IPs only
    # Accept packets from trusted IP addresses
    #
    iptables -A INPUT -s 204.157.3.70 -j ACCEPT # mirror.cogentco.com
    iptables -A INPUT -s 38.126.208.170 -j ACCEPT # www.palosanto.com
    #
    # Save settings to /etc/sysconfig/iptables so they survive a reboot
    #
    /sbin/service iptables save
    #
    echo 'restarting after save'
    #
    /sbin/service iptables restart
    echo 'here is your rule set'
    #
    # List rules (-n skips reverse DNS lookups, which would otherwise hang on a locked-down box)
    #
    iptables -L -v -n
     
