wardmundy
Nerd Uno
CentOS 7 support has been added to the latest installer. Documentation available here.
# Generated by iptables-save v1.4.7 on Thu Oct 26 08:42:00 2017
*nat
:PREROUTING ACCEPT [7:608]
:POSTROUTING ACCEPT [36:2319]
:OUTPUT ACCEPT [36:2319]
COMMIT
# Completed on Fri Mar 2 10:36:08 2012
# Generated by iptables-save v1.4.7 on Fri Mar 2 10:36:08 2012
*mangle
:PREROUTING ACCEPT [1103:1400664]
:INPUT ACCEPT [1102:1400632]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [656:59330]
:POSTROUTING ACCEPT [656:59330]
-A PREROUTING -m conntrack --ctstate INVALID -j DROP
-A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
-A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
-A PREROUTING -p icmp -j DROP
-A PREROUTING -f -j DROP
-A PREROUTING -s 224.0.0.0/3 -j DROP
-A PREROUTING -s 169.254.0.0/16 -j DROP
-A PREROUTING -s 172.16.0.0/12 -j DROP
-A PREROUTING -s 192.0.2.0/24 -j DROP
-A PREROUTING -s 192.168.0.0/16 -j DROP
-A PREROUTING -s 240.0.0.0/5 -j DROP
COMMIT
# Completed on Fri Mar 2 10:36:08 2012
# Generated by iptables-save v1.3.5 on Tue Apr 1 11:35:49 2014
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -s 127.0.0.0/8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport zzzz -j ACCEPT
# Here's the Incredible PBX list of SIP Trusted Providers
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -m set --match-set cn src -j DROP
-A INPUT -m set --match-set ru src -j DROP
-A INPUT -m set --match-set ps src -j DROP
-A INPUT -m set --match-set kp src -j DROP
-A INPUT -m set --match-set ua src -j DROP
-A INPUT -m set --match-set md src -j DROP
-A INPUT -m set --match-set nl src -j DROP
-A INPUT -m set --match-set fr src -j DROP
-A INPUT -m set --match-set voipbl src -j DROP
# revised as detailed in subsequent postings
-A INPUT -p udp -m udp --dport 3000:5037 -j ACCEPT
-A INPUT -p udp -m udp --dport 5091:65535 -j ACCEPT
#-A INPUT -p udp -m udp --dport 3000:65535 -j ACCEPT
-A INPUT -m string --algo bm --string "xxx.xxx.xxx.xxx" -j DROP
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5061 -j ACCEPT
# these have been moved to /usr/local/sbin/iptables-custom
# End of Trusted Provider Section
# Kitchen Sink entries below give full access to all server ports
# next 3 entries are replaced with your server, user, and public IP addresses
# this is a snapshot of where you were when you installed Incredible PBX
# It assures that you can log back in from there once we lock down IPtables
# NO RESTRICTIONS are placed on these 3 addresses or private LAN subnets!
# The IP addresses are your server, user, and public addresses respectively
-A INPUT -s xxx.xxx.xxx.xxx -j ACCEPT
-A INPUT -s yyy.yyy.yyy.yyy -j ACCEPT
# your own additions go above here
COMMIT
# Generated by iptables-save v1.3.5 on Tue Apr 1 11:35:49 2014
-A INPUT -p udp -m udp --dport 3000:65535 -j ACCEPT
-A INPUT -m string --algo bm --string \"$MYIP\" -j DROP
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5061 -j ACCEPT"
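iptables walks a chain top to bottom and stops at the first rule with a terminating target, so any ACCEPT placed above the `-m set --match-set ... -j DROP` lines is never subject to those blocklists. The script below is an added example (not part of the original post or of Incredible PBX) that lists such rules in an iptables-save dump. The sample ruleset is constructed, port 2222 and 203.0.113.10 are placeholders, and `parse_rules`, `opt` and `audit` are hypothetical helper names.

```python
import shlex

# Constructed sample in the shape of the post's filter table; port 2222 and
# 203.0.113.10 are placeholders, not values from the post.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -m set --match-set cn src -j DROP
-A INPUT -m set --match-set voipbl src -j DROP
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s 203.0.113.10 -j ACCEPT
COMMIT
"""

def parse_rules(text, chain="INPUT"):
    """Return [(line_no, tokens)] for each -A rule of `chain`, in file order."""
    rules = []
    for no, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)  # drops '#' comment lines
        if tok[:2] == ["-A", chain]:
            rules.append((no, tok))
    return rules

def opt(tok, name):
    """Value that follows option `name`, or None if the option is absent."""
    return tok[tok.index(name) + 1] if name in tok else None

def audit(text):
    """List (line, proto, dport) of any-source ACCEPTs above the first set DROP."""
    rules = parse_rules(text)
    first = next((i for i, (_, t) in enumerate(rules)
                  if "--match-set" in t and opt(t, "-j") == "DROP"), None)
    if first is None:
        return []
    found = []
    for no, t in rules[:first]:
        if opt(t, "-j") != "ACCEPT" or "-s" in t or "-i" in t:
            continue  # not an ACCEPT, or scoped to a source/interface
        state = opt(t, "--state") or opt(t, "--ctstate") or "NEW"
        if "NEW" not in state.split(","):
            continue  # rule cannot match a new inbound connection
        found.append((no, opt(t, "-p") or "any", opt(t, "--dport") or "any"))
    return found

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("accepted before blocklists: line %d, %s dport %s" % finding)
```

Rules reported here need a deliberate decision: either they are meant to be reachable from every source, or they belong below the set-based DROP rules.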