FireBrick 2700 Configuration run-through

If you have VoIP phones on your LAN, then here are some example rules to allow SIP and RTP from the AAISP phone servers:
<syntaxhighlight>
<rule-set name="Incoming Firewall Rules">
  <rule name="SIP" source-ip="81.187.30.110-119" target-ip="1.2.3.0/28" target-port="5060-5069"/>
  <rule name="RTP" target-ip="1.2.3.0/28" protocol="17" target-port="1025-5059 5070-" set-graph="RTP"/>
</rule-set>
</syntaxhighlight>
Here the rules are defined in a rule-set. Rule-sets make rules easier to manage: for example, you can have a couple of main rule-sets for Incoming Traffic, Port Maps, Outgoing Traffic and so on. Rules and rule-sets are processed in order, top to bottom.
 
The RTP rule also sets a graph for RTP. You may want to restrict the target to just your VoIP phones, as the rules above set the target to the whole of the LAN.
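
To see how wide each rule above is before tightening it, the following Python check parses the rule-set and reports the source, target and port scope of every rule. It is an added example, not part of the original page or of FireBrick's own tooling; the function names are this example's own, and it assumes that an attribute left off a rule matches anything and that an open-ended port range such as `5070-` runs up to 65535.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The rule-set from this page, embedded so the script runs offline.
CONFIG = """<rule-set name="Incoming Firewall Rules">
<rule name="SIP" source-ip="81.187.30.110-119" target-ip="1.2.3.0/28" target-port="5060-5069"/>
<rule name="RTP" target-ip="1.2.3.0/28" protocol="17" target-port="1025-5059 5070-" set-graph="RTP"/>
</rule-set>"""
LAN = "1.2.3.0/28"  # the example LAN block used on this page

def port_count(spec):
    """Count ports in a space-separated list such as '1025-5059 5070-'.
    Assumption: an open-ended range 'N-' runs up to 65535."""
    total = 0
    for item in spec.split():
        lo, sep, hi = item.partition("-")
        top = int(hi) if hi else (65535 if sep else int(lo))
        total += top - int(lo) + 1
    return total

def address_count(spec):
    """Count addresses in a CIDR block, an 'a.b.c.d-e' last-octet range, or a
    single address (only the forms that appear on this page)."""
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False).num_addresses
    if "-" in spec:
        start, end = spec.split("-")
        return int(end) - int(start.rsplit(".", 1)[1]) + 1
    return 1

def audit(config, lan=LAN):
    """Return {rule name: [findings]} describing how wide each rule is.
    Assumption: an attribute left off a rule matches anything."""
    report = {}
    for rule in ET.fromstring(config).iter("rule"):
        notes = []
        if rule.get("source-ip") is None:
            notes.append("any source address")
        target = rule.get("target-ip")
        if target is None or address_count(target) >= address_count(lan):
            notes.append("targets the whole LAN")
        ports = rule.get("target-port")
        notes.append(f"{port_count(ports)} target ports" if ports else "all target ports")
        report[rule.get("name")] = notes
    return report

if __name__ == "__main__":
    for name, notes in audit(CONFIG).items():
        print(f"{name}: {', '.join(notes)}")
```

Run against a rule-set whose `target-ip` has been narrowed to the phones' addresses, the "targets the whole LAN" finding disappears for that rule.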