# Generated by iptables-save v1.4.21 on Wed Sep 27 20:30:27 2017
# mangle table: packet-header rewriting only; no filtering happens here.
# Each ":CHAIN POLICY [packets:bytes]" line declares a built-in chain, its
# default policy and the counters captured when the dump was taken.
*mangle
:PREROUTING ACCEPT [441:25939]
:INPUT ACCEPT [441:25939]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [271:103110]
:POSTROUTING ACCEPT [271:103110]
# Tag every locally generated UDP packet with DSCP class EF (Expedited
# Forwarding). The match is "-p udp" with no port or destination, so DNS, NTP
# and any other UDP this host sends are marked EF as well.
# NOTE(review): presumably meant for SIP/RTP only -- confirm, and narrow the
# match if upstream QoS trusts this marking.
-A OUTPUT -p udp -j DSCP --set-dscp-class EF
COMMIT
# Completed on Wed Sep 27 20:30:27 2017
# Generated by iptables-save v1.4.21 on Wed Sep 27 20:30:27 2017
# nat table: all built-in chains are at policy ACCEPT and carry no rules, so
# this host performs no DNAT/SNAT/masquerading in this ruleset.
*nat
:PREROUTING ACCEPT [63:2364]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1:118]
:POSTROUTING ACCEPT [1:118]
COMMIT
# Completed on Wed Sep 27 20:30:27 2017
# Generated by iptables-save v1.4.21 on Wed Sep 27 20:30:27 2017
# filter table: default-deny inbound policy for the PBX host.
# Rules are evaluated top to bottom and the first terminating match wins, so
# the order below is part of the policy.
# This dump is IPv4 only; IPv6 traffic is governed by ip6tables, which is not
# shown here.
*filter
# INPUT defaults to DROP. FORWARD defaults to ACCEPT and has no rules.
# NOTE(review): if IP forwarding is enabled on this host, routed traffic is
# unfiltered -- confirm the host does not route, or set FORWARD to DROP.
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [271:103110]
# User-defined chain that logs and then drops. No rule in this dump jumps to
# it, so nothing is currently logged (see the final INPUT rule).
:LOG_DROP - [0:0]
# Drop sources listed in the ipset named "blacklist". The set must already
# exist when this file is loaded, otherwise iptables-restore rejects the rule.
# Placed before the ESTABLISHED rule, so a newly blacklisted address also
# loses its existing connections.
-A INPUT -m set --match-set blacklist src -j DROP
# Drop packets conntrack cannot associate with any known connection.
-A INPUT -m state --state INVALID -j DROP
# Accept replies and related traffic (including ICMP errors) for connections
# that were already allowed. Everything below therefore only sees packets that
# are not part of an established flow.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept all traffic arriving on the loopback interface.
-A INPUT -i lo -j ACCEPT
# Drop special-use and private IPv4 source ranges that should not appear as
# the source of traffic from the public Internet. Because loopback was already
# accepted above, the 127.0.0.0/8 rule only hits such packets arriving on a
# non-loopback interface.
# NOTE(review): 10.0.0.0/8 is absent from this list while 172.16.0.0/12 and
# 192.168.0.0/16 are present -- confirm whether that is intentional (e.g. the
# host or its provider uses 10.x addressing).
-A INPUT -s 0.0.0.0/8 -j DROP
-A INPUT -s 100.64.0.0/10 -j DROP
-A INPUT -s 127.0.0.0/8 -j DROP
-A INPUT -s 169.254.0.0/16 -j DROP
-A INPUT -s 172.16.0.0/12 -j DROP
-A INPUT -s 192.0.0.0/24 -j DROP
-A INPUT -s 192.0.2.0/24 -j DROP
-A INPUT -s 192.168.0.0/16 -j DROP
-A INPUT -s 198.18.0.0/15 -j DROP
-A INPUT -s 198.51.100.0/24 -j DROP
-A INPUT -s 203.0.113.0/24 -j DROP
-A INPUT -s 224.0.0.0/4 -j DROP
-A INPUT -s 240.0.0.0/4 -j DROP
-A INPUT -s 255.255.255.255/32 -j DROP
# Drop TCP segments with flag combinations that do not occur in normal
# traffic. Syntax is "--tcp-flags <mask> <flags that must be set>".
# No flags set at all (NULL).
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
# All six flags set.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
# Only FIN, PSH and URG set.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
# Every flag except PSH set.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
# SYN together with RST.
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
# SYN together with FIN.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
# FIN alone, with none of the other five flags.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DROP
# A SYN/ACK that conntrack classifies as NEW answers no SYN this host sent;
# reply with a TCP reset instead of silently dropping it.
-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset
# Any other NEW TCP packet that is not a plain SYN is dropped.
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j DROP
# Drop UDP packets whose total packet length is 0-28 bytes. With a 20-byte
# IPv4 header and the 8-byte UDP header, that means datagrams with no payload.
-A INPUT -p udp -m length --length 0:28 -j DROP
# Service ports, limited to sources the geoip match places in DE or US.
# The geoip match is not part of stock iptables (it needs an add-on module and
# a country database that has to be kept current). It narrows exposure by
# region only; it does not authenticate anyone.
# NOTE(review): 5001/tcp and 5090/tcp+udp look like the 3CX web/management
# and tunnel ports -- confirm against the installation.
-A INPUT -p tcp -m geoip --source-country DE,US -m tcp --dport 5001 -j ACCEPT
-A INPUT -p tcp -m geoip --source-country DE,US -m tcp --dport 5090 -j ACCEPT
-A INPUT -p udp -m geoip --source-country DE,US -m udp --dport 5090 -j ACCEPT
# SIP signalling (5060/udp) from a single peer only. The angle-bracket value
# is a redacted placeholder and must be replaced with a real address before
# this file can be loaded.
-A INPUT -p udp -s <IP of Asterisk Server> -m udp --dport 5060 -j ACCEPT
# Accept every protocol and port from the administrator's home address
# (placeholder, see above).
# NOTE(review): this is the only path for SSH/management in this ruleset; if
# the home address is dynamic, a change locks the administrator out.
-A INPUT -s <Home IP Address> -j ACCEPT
# Explicit final drop; the chain policy is already DROP, so this only makes
# the intent visible and gives the dropped traffic its own rule counter.
# NOTE(review): jumping to LOG_DROP here instead would make the logging chain
# below take effect -- confirm whether that was the intent.
-A INPUT -j DROP
# LOG_DROP: write a kernel log line with the given prefix, then drop.
# There is no rate limit on the LOG rule, so if this chain is wired in, the
# log volume follows the volume of dropped traffic.
-A LOG_DROP -j LOG --log-prefix "Firewall blocked: "
-A LOG_DROP -j DROP
COMMIT
# Completed on Wed Sep 27 20:30:27 2017
I've got 3CX running, but I'd like to set up fail2ban and something similar to the firewall on Incredible or FreePBX.
Does anyone have any ideas?
Thanks