My PBX has been under attack for 2 months and I have already blocked 100 IPs (2-3 daily). I have dynamic IPs on some clients, so I cannot allow only a few fixed IPs through. My solution could be to permit only the IPs of some countries. On the net I can generate the country IP list to permit or deny, but there are too many IPs to upload manually into the Zeroshell firewall. How can I do this?
You can create firewall rules (given that your firewall is in drop mode) that accept everything which matches the protocol you use (not sure it’s possible in your case though), or rules that accept packets based on “Layer 7 filters”.
I guess you want only VoIP to work? In this case, a few rules with layer 7 inspection are needed. I’m using it for QoS, but I’m not sure it will fit all your needs: add accept rules for SIP, H323, Ventrilo, Teamspeak, Skypeout, skypetoskype.
My problem is not getting only VoIP to work; my problem is that each day I have 3 new IPs that attack my PBX to try to use it. So I cannot block the VoIP service, I can only drop the IPs that make the attack. I have already inserted 100 IPs and each day there are 2-3 new ones! Do I have to go on manually for all my life? And how many rules at most can I insert in the Zeroshell firewall? If I have my VoIP clients in 2 countries, I thought that I could authorize on port 5060 only the IPs of these 2 countries, but there are hundreds of IPs and I cannot upload them all manually. For this I’m looking to upload rules in some way from a list!!! A simple Linux server does this; Zeroshell doesn't? My VoIP clients have dynamic IPs, so I cannot solve this just by authorizing their IPs.
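
The bulk load asked about in this thread, as an added example that is not part of any poster's message and is not Zeroshell's own tooling: a per-country CIDR list is converted into a single `ipset restore` script, so the firewall needs two rules instead of one per address. Assumptions: a Linux firewall with `ipset` and `iptables` available (not confirmed for Zeroshell on this page), SIP on UDP 5060 handled in the `INPUT` chain, and a hypothetical set name `sip_allow` with constructed sample networks.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a Linux firewall with ipset and
# iptables; the set name and sample networks are constructed for illustration.
SET_NAME="sip_allow"

# Read CIDRs on stdin (one per line, '#' comments allowed) and print an
# `ipset restore` script on stdout. Malformed entries go to stderr and are
# skipped. The list is built in a scratch set and swapped in, so the live set
# is never empty while the load runs.
gen_ipset_restore() {
    awk -v name="$1" '
    BEGIN {
        print "create " name " hash:net family inet"
        print "create " name "_new hash:net family inet"
        print "flush " name "_new"
    }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    {
        n = split($0, p, "/")
        ok = (n == 2 && p[2] ~ /^[0-9]+$/ && p[2] + 0 <= 32)
        if (split(p[1], o, ".") != 4) ok = 0
        for (i = 1; ok && i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
        if (ok) print "add " name "_new " $0
        else    print "skipped line " NR ": " $0 | "cat 1>&2"
    }
    END {
        print "swap " name "_new " name
        print "destroy " name "_new"
    }'
}

# Two rules replace the per-IP list: accept SIP from the set, drop the rest.
# UDP and the INPUT chain are assumptions; use FORWARD if the PBX is behind the firewall.
print_iptables_rules() {
    echo "iptables -A INPUT -p udp --dport 5060 -m set --match-set $1 src -j ACCEPT"
    echo "iptables -A INPUT -p udp --dport 5060 -j DROP"
}

# Constructed sample list (documentation ranges); a real one has thousands of lines.
SAMPLE='192.0.2.0/24
198.51.100.0/24
300.1.1.0/24
203.0.113.0/25  # trailing comment'
printf '%s\n' "$SAMPLE" | gen_ipset_restore "$SET_NAME"
print_iptables_rules "$SET_NAME"
```

On the firewall the generated script would be loaded with `ipset -exist restore < file`, where `-exist` lets the `create` lines succeed when the set is already present from an earlier run.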