On Mon, Sep 26, 2011 at 10:10 AM, <m.roth at 5-cent.us> wrote: > Theo Band wrote: > > On 09/26/2011 01:02 PM, Jennifer Botten wrote: > >> > >> I am having an issue with someone accessing our server via a SIP/VOIP > >> connection. I have changed my iptables rules to drop all UDP traffic > >> from and too this IP address, but this traffic seems to still run > >> through my server. These are the iptables rules that I current have on > >> the server. > >> > >> -A INPUT -i eth0 -s 209.61.231.42 -p udp -j DROP > >> > >> -A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP > >> > >> > > If your SIP server needs to be accessed from any IP address, consider to > > use fail2ban. Easy to setup and it will block access to your SIP server > > after so many false attempts. > > I started using fail2ban to prevent the logs (Asterisk) from cluttering > > failed logons. > > Let me chime in: *yes* to fail2ban. We use it here at work, and it works, > and is very good. Not too hard to configure for basic usage, either, but > very extensible. > > mark > > I use CSF and LFD. Like every other firewall, the backend is always iptables but CSF is so powerful and has a lot of irreplaceable power and functionality. It can be a bit of difficult to configure it for the first time but when you do, you will never look back ;) -Micky.