RECOMMENDATIONS Block requests not directed at domain name

Addisonb
New Member, joined Oct 8, 2014. Messages: 18. Reaction score: 5.

Hello,
On one of our PIAF installs, one of the system administrators put in a rule that will block requests directed at 12.34.56.78 (the public IP of our phone system) but accept requests to phone.system.com which is an A host that resolves to 12.34.56.78.
I need to duplicate this on another system. Any guesses on how this was done? I know IP tables doesn't have this functionality. Any recommendations on what could accomplish this?
Thanks,
Addison
 

Addisonb
To follow up:
This is being accomplished using the "string matching" in IPtables.
You can read more about it here:
https://wiztelsys.com/blog/iptables-string-matching-for-advanced-firewalling/

In our case our command looks like this:
-A INPUT -i eth1 -p udp -m udp --dport 5060:5082 -m string --string "FQDN.domain.com" --algo bm --to 65535 -j ACCEPT

This allows for malicious attempts on ports 5060 to be dropped if they don't know our FQDN.
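
An added example, not part of the original posts: a shell sketch that emits the string-match ACCEPT rule from the follow-up together with the DROP rule it depends on, and models the match against constructed SIP request lines. The interface `eth1` comes from the post; `phone.example.com`, `192.0.2.10`, the sample messages and the function names are placeholders assumed for illustration, and `grep -F` stands in for the kernel's case-sensitive byte search.

```shell
#!/bin/sh
# Added example: emit the ACCEPT/DROP pair in iptables-save syntax and model
# the string match on constructed SIP requests. Names and sample messages
# are placeholders, not values from a real system.

# Print the two rules. The ACCEPT only filters anything when a DROP for the
# same ports follows it (or the INPUT policy is DROP).
sip_fqdn_rules() {
    iface=$1
    fqdn=$2
    # Accept only plain interface and host names, so neither value can
    # break out of the rule line or the quoted --string argument.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    case $fqdn in
        ''|*[!A-Za-z0-9.-]*) echo "invalid FQDN: $fqdn" >&2; return 1 ;;
    esac
    printf '%s\n' \
        "-A INPUT -i $iface -p udp -m udp --dport 5060:5082 -m string --string \"$fqdn\" --algo bm --to 65535 -j ACCEPT" \
        "-A INPUT -i $iface -p udp -m udp --dport 5060:5082 -j DROP"
}

# Model of "-m string" without --icase: a case-sensitive fixed-string search
# over the packet bytes. Reads a payload on stdin, prints ACCEPT or DROP.
sip_verdict() {
    if grep -qF -- "$1"; then echo ACCEPT; else echo DROP; fi
}

# Constructed SIP request lines (not captured traffic).
by_name='REGISTER sip:phone.example.com SIP/2.0'
by_ip='REGISTER sip:192.0.2.10 SIP/2.0'
by_upper='REGISTER sip:PHONE.EXAMPLE.COM SIP/2.0'

sip_fqdn_rules eth1 phone.example.com
for msg in "$by_name" "$by_ip" "$by_upper"; do
    verdict=$(printf '%s' "$msg" | sip_verdict phone.example.com)
    printf '%s -> %s\n' "$msg" "$verdict"
done
```

The upper-case request is dropped because the match is case-sensitive; the string match's `--icase` option relaxes that for endpoints that send the hostname in a different case.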
 
