How to configure firewall IPTABLES on Vicidial on cloud
If you are hosting your Vicidial on the cloud, illegal SIP registration attacks and illegal calls are a big issue.
So it is better to block everything and allow only your own IPs and RTP packets. This needs to be done very carefully, otherwise you will lock yourself out.
Here I am giving a step-by-step example, and I hope someone can come up with some good additions to secure it further.
Access your server by SSH and run the following commands, replacing X.X.X.X with your own IP addresses:
iptables -F
iptables -N SIP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s X.X.X.X -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 8.8.8.8/32 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 5060 -j SIP
iptables -A INPUT -p udp --dport 5060 -j DROP
iptables -A INPUT -p udp --dport 5061 -j SIP
iptables -A INPUT -p udp --dport 5061 -j DROP
iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT
iptables -I INPUT 1 -i ens192 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -i ens192 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A SIP -s X.X.X.X/32 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
/sbin/service iptables save
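To reduce the lock-out risk mentioned above, the same rules can be loaded in one step with iptables-restore and rolled back automatically unless the new rules are confirmed from a fresh SSH login. This is an added example, not the original author's script; the function names, the `apply` argument, the 120-second timer and the 198.51.100.10 / 203.0.113.20 addresses are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Added example: the page's rules emitted as one iptables-restore file, so the
# filter table is swapped in a single step, with a timed rollback.
ADMIN_IPS="198.51.100.10"   # constructed placeholder: hosts allowed to SSH
SIP_PEERS="203.0.113.20"    # constructed placeholder: carriers / agents
WAN_IF="ens192"             # interface name used on the page

rule() { printf '%s\n' "$*"; }

build_ruleset() {
    rule "*filter"
    rule ":INPUT DROP [0:0]"
    rule ":FORWARD DROP [0:0]"
    rule ":OUTPUT ACCEPT [0:0]"
    rule ":SIP - [0:0]"
    rule "-A INPUT -i $WAN_IF -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT"
    rule "-A INPUT -i $WAN_IF -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT"
    rule "-A INPUT -i lo -j ACCEPT"
    rule "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for ip in $ADMIN_IPS; do
        rule "-A INPUT -s $ip/32 -p tcp --dport 22 -j ACCEPT"
    done
    for port in 5060 5061; do
        rule "-A INPUT -p udp --dport $port -j SIP"
        rule "-A INPUT -p udp --dport $port -j DROP"
    done
    rule "-A INPUT -p udp --dport 10000:20000 -j ACCEPT"
    for ip in $SIP_PEERS; do
        rule "-A SIP -s $ip/32 -j ACCEPT"
    done
    rule "COMMIT"
}

# Run as root. Loads the rules, then restores the previous ones after
# ROLLBACK_SECS unless the timer is killed from a fresh SSH session.
apply_with_rollback() {
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    build_ruleset | iptables-restore --test || return 1  # parse only, nothing loaded
    build_ruleset | iptables-restore || return 1
    nohup sh -c "sleep ${ROLLBACK_SECS:-120}; iptables-restore < '$backup'" \
        >/dev/null 2>&1 &
    echo "Test a NEW ssh login. If it works: kill $! && /sbin/service iptables save"
}

# Only touch the firewall when asked to: sh this_script.sh apply
if [ "${1:-}" = "apply" ]; then apply_with_rollback; fi
```

Keep the current SSH session open while testing the new login; if the new login fails, do nothing and the previous rules come back when the timer expires.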