- This topic is empty.
October 25, 2017 at 6:50 pm #44885
I’m attacked to my pbx from 2 months and already blocked 100 IP (2-3 daily). I have dynamic ip on some clients so I cannot authorize to pass only some fix IP. My solution can be permit only some country ip. On the net I can generate the contry IP list to permit or deny, but are too much IP to upload manually in zeroshell firewall. How can I do?October 26, 2017 at 8:54 am #54588
you can create firewall rules (given that your firewall is in drop mode) who accept everything which does match the protocol you use (not sure it’s possible in your case though) or rules who accept packets based on “Layer 7 filters”.
I guess you want only VoIP to work? In this case, a few rules with layer 7 inspection are needed. I’m using it for QOS, but not sure it will fit all your needs : add accept rules for SIP, H323, Ventrilo, Teamspeak, Skypeout, skypetoskype.October 26, 2017 at 7:35 pm #54589
My problem is not have only VOIP to work, my problem is that each day I have 3 new IP that attack my pbx to try to use it. So I cannot block voip service but I can just block by drop the IP that make the attack. I already inserted 100 IP and each day are 2-3 new! I have to go on manually for all my life? And how many rule max I can insert in zeroshell firewall? If I have my voip clients in 2 countries I thought that I can authorize on port 5060 only the ip of this 2 country, but are hundred of IP and cannot upload all manually. For this I’m looking for upload rule in some way from a list!!! a simple Linux server make this, zeroshell no? My voip clients have dynamic IP so I cannot solve just with their Ip authorization.October 27, 2017 at 9:24 am #54590
zeroshell being a linux server, you can do what you’re used to using the command lineOctober 27, 2017 at 7:01 pm #54591
Multumesc for not help me MontikoreOctober 30, 2017 at 1:34 pm #54592
- You must be logged in to reply to this topic.