[Serusers] iptables
Nils Ohlmeier
nils at iptel.org
Tue Jan 6 15:26:50 CET 2004
Hi,
On Tuesday 06 January 2004 15:01, listas iPfone wrote:
> I need some help in setting up iptables to let sip traffic pass in my
> machine using ser.
>
> There is some doc about it?
AFAIK not, because there is not much to document: SIP uses by default port
5060 and UDP and TCP as transport protocol.
> Somebody can give me advice?
iptables -A WHATEVER_IS_YOUR_CHAIN -p tcp --dport 5060 -j ACCEPT
iptables -A WHATEVER_IS_YOUR_CHAIN -p udp --dport 5060 -j ACCEPT
Naturally you can add '--sport 5060' if you want to force only SIP-to-SIP
communication.
Note: all SIP compliant devices should support other ports then 5060, so there
is no way to guarantee that the SIP devices behind your packet filter do not
use e.g. port 80 for their communication.
And as there is yet no SIP conntrack helper module, there is currently no way
to let pass the media of the phone calls in a 'secure' way.
Greets
Nils
More information about the sr-users
mailing list