
FreeSWITCH iptables configuration (repost)


Tags: FreeSWITCH, iptables, VoIP security. Created: 2015-09-18 17:18:42

This article is a repost; the original source is:

http://www.8000hz.com/archives/freeswitch-iptables-centos-6-example.html

Platform

Centos 6.X

FreeSWITCH 1.2.x

Recommended firewall configuration for FreeSWITCH on CentOS

File: /etc/sysconfig/iptables (iptables-save format, loaded by the iptables init script on boot)

```bash
*mangle
# QoS marking for outbound traffic: mark SIP over UDP with CS3
-A OUTPUT -p udp -m udp --sport 5060 -j DSCP --set-dscp-class cs3
# mark SIP over TCP with CS3
-A OUTPUT -p tcp --sport 5060 -j DSCP --set-dscp-class cs3
# mark SIP TLS packets with CS3
-A OUTPUT -p tcp --sport 5061 -j DSCP --set-dscp-class cs3
# mark RTP packets with EF (range matches the FreeSWITCH default rtp-start-port/rtp-end-port)
-A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp-class ef
COMMIT
*filter
# Allow all loopback (lo0) traffic
-A INPUT -i lo -j ACCEPT
# Drop all traffic to 127/8 that doesn't use lo0
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic
-A OUTPUT -j ACCEPT
# Allow web connections
-A INPUT -p tcp -m state --state NEW --dport 8888 -j ACCEPT
# Allow STUN service (used for NAT traversal)
-A INPUT -p udp --dport 3478 -j ACCEPT
-A INPUT -p udp --dport 3479 -j ACCEPT
# Allow MLP protocol server
-A INPUT -p tcp --dport 5002 -j ACCEPT
# Allow Neighborhood service
-A INPUT -p udp --dport 5003 -j ACCEPT
# Allow SIP UDP
-A INPUT -p udp --dport 5060 -j ACCEPT
# Allow SIP TCP
-A INPUT -p tcp --dport 5060 -j ACCEPT
# Allow SIP TLS
-A INPUT -p tcp --dport 5061 -j ACCEPT
# Allow RTP
-A INPUT -p udp --dport 16384:32768 -j ACCEPT
# Allow XML-RPC (tcp/8080) from a management host only
# (replace 127.0.0.1 with the IP of the host that needs access to FreeSWITCH)
-A INPUT -p tcp --dport 8080 -s 127.0.0.1 -j ACCEPT
# Allow SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Log denied packets, rate-limited so a flood cannot fill the kernel log (view with 'dmesg')
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Default deny for everything not matched above
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
```
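Before loading a ruleset like the one above onto a production FreeSWITCH host, it is worth checking it mechanically: that the INPUT chain really ends in a default deny, that denied traffic is logged at a bounded rate, that SIP and the full RTP range are open, and that management ports are not reachable from any source. The linter below is an added example written for this page, not code from the original article or from the FreeSWITCH project. It parses the iptables-save format shown above (table headers, `-A` rules, `COMMIT`) and applies those checks. It assumes the FreeSWITCH defaults of RTP ports 16384-32768 (switch.conf.xml rtp-start-port/rtp-end-port), ESL on tcp/8021 and mod_xml_rpc on tcp/8080; the embedded ruleset is a constructed, abridged copy of the page's filter table.

```python
"""Lint an iptables-save style ruleset for a FreeSWITCH host (added example)."""
import shlex
import sys
from collections import defaultdict

# Constructed sample: an abridged copy of the filter table from the page.
SAMPLE_RULESET = """\
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 5060 -j ACCEPT
-A INPUT -p tcp --dport 5061 -j ACCEPT
-A INPUT -p udp --dport 16384:32768 -j ACCEPT
-A INPUT -p tcp --dport 8080 -s 127.0.0.1 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Assumed defaults: FreeSWITCH RTP range and management ports a lint should flag.
DEFAULT_RTP_RANGE = (16384, 32768)
MANAGEMENT_PORTS = {"22": "SSH", "8021": "ESL", "8080": "XML-RPC", "8888": "web"}


def parse_ruleset(text):
    """Return {table: {chain: [rule, ...]}} from iptables-save text.

    Each rule is {"raw": line, "chain": name, "opts": {option: value|True}}.
    A '!' negation token is skipped; it does not matter for these checks.
    """
    tables = defaultdict(lambda: defaultdict(list))
    table = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):          # table header, e.g. *filter
            table = line[1:]
            continue
        if line == "COMMIT" or line.startswith(":") or not line.startswith("-A "):
            continue                      # chain policies and anything else
        tokens = shlex.split(line)        # shlex keeps "iptables denied: " together
        rule = {"raw": line, "chain": tokens[1], "opts": {}}
        i = 2
        while i < len(tokens):
            tok = tokens[i]
            if tok.startswith("-"):
                # An option consumes the next token as its value unless that
                # token is itself an option (flags such as --syn have no value).
                if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                    rule["opts"][tok] = tokens[i + 1]
                    i += 2
                    continue
                rule["opts"][tok] = True
            i += 1
        tables[table][rule["chain"]].append(rule)
    return tables


def lint(tables, rtp_range=DEFAULT_RTP_RANGE):
    """Return a list of (severity, message) findings for the filter/INPUT chain."""
    findings = []
    inp = tables.get("filter", {}).get("INPUT", [])
    if not inp:
        return [("error", "no filter/INPUT rules found")]

    if inp[-1]["opts"].get("-j") not in ("REJECT", "DROP"):
        findings.append(("error", "INPUT chain does not end in REJECT/DROP"))

    log_rules = [r for r in inp if r["opts"].get("-j") == "LOG"]
    if not log_rules:
        findings.append(("warn", "no LOG rule before the final reject; denied traffic is invisible"))
    elif not any("--limit" in r["opts"] for r in log_rules):
        findings.append(("warn", "LOG rule is not rate-limited; a flood can fill the kernel log"))

    def accepts(proto, dport):
        return any(r["opts"].get("-j") == "ACCEPT" and r["opts"].get("-p") == proto
                   and r["opts"].get("--dport") == dport for r in inp)

    for proto, port in (("udp", "5060"), ("tcp", "5061")):
        if not accepts(proto, port):
            findings.append(("error", f"SIP {proto}/{port} is not allowed"))

    rtp = f"{rtp_range[0]}:{rtp_range[1]}"   # must match switch.conf.xml
    if not accepts("udp", rtp):
        findings.append(("error", f"no ACCEPT for RTP udp/{rtp}"))

    for r in inp:
        o = r["opts"]
        name = MANAGEMENT_PORTS.get(o.get("--dport"))
        if name and o.get("-j") == "ACCEPT" and o.get("-p") == "tcp" and "-s" not in o:
            findings.append(("warn", f"{name} tcp/{o['--dport']} accepted from any source; restrict with -s"))
    return findings


def lint_text(text, rtp_range=DEFAULT_RTP_RANGE):
    """Convenience wrapper: parse then lint."""
    return lint(parse_ruleset(text), rtp_range)


if __name__ == "__main__":
    # Usage: python lint_fs_iptables.py /etc/sysconfig/iptables (falls back to the sample)
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RULESET
    for severity, message in lint_text(source) or [("ok", "no findings")]:
        print(f"[{severity}] {message}")
```

Run against the sample, the only finding is that SSH is accepted from any source, which is exactly the rule on the page worth tightening with `-s <management network>` (a hypothetical placeholder) on an Internet-facing PBX. The checks are positional on purpose: iptables evaluates rules in order, so a LOG rule or an ACCEPT placed after the final REJECT never fires, and the linter looks at the last rule rather than at whether a REJECT exists anywhere.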



上海老李, QQ: 1354608370, FreeSWITCH QQ group: