I have a rule in iptables to drop certain packets from addresses, like:

iptables --list | grep 37 DROP all -- 37.0.0.0/8 anywhere

So I am wondering how this got through???

[Jan 27 02:36:52] NOTICE[9298][C-000005ce] chan_sip.c: Call from '' ( 37.8.28.217:10024) to extension '888888011972592871997' rejected because extension not found in context 'default'

Shouldn't the firewall have dropped it?

Without more info, no one can help. Iptables are processed top down, have you allowed something less specific above? A subnet, a protocol etc?

On 27-01-14 13:32, Jerry Geis wrote:

I have a rule in iptables to drop certain packets from addresses, like:

iptables --list | grep 37 DROP all -- 37.0.0.0/8 anywhere

So I am wondering how this got through???

[Jan 27 02:36:52] NOTICE[9298][C-000005ce] chan_sip.c: Call from '' ( 37.8.28.217:10024) to extension '888888011972592871997' rejected because extension not found in context 'default'

Shouldn't the firewall have dropped it?

That depends on the other rules. If there was a previous rule allowing access then the answer is no. But that's difficult to tell without knowing which rules are active so the output of iptables -n -L would help.

If you are not using fail2ban I highly recommend installing it and add/enable the asterisk rules.

Regards, Patrick