12,270
edits
VoIP Firewall: Difference between revisions
m
no edit summary
(Add an example for a consumer router (e.g. ZyXEL). Needs 6 rules - or 12 if your RTP port range doesn't include 5060) |
mNo edit summary |
||
| (One intermediate revision by one other user not shown) | |||
|
|}
Customers should add all IPs above to their firewall rules even if you don't see traffic from or to them. This is a fairly large number of addresses but it means we can expand our platform over time as well as accommodate hosting our equipment in diverse datacentres.
'''SIP''' is the call routing information that creates and manages calls. In practice if you allow port 5060 from the outside world you'll see attacks and possibly receive spam phone calls. We do not recommend leaving 5060 open unless you really know what you are doing. Phones rarely use ports as low as 5060 for media.
=Example consumer router config=
The following example is for an AAISP-supplied ZyXEL router. It assumes you have locked down the RTP port range on clients to ports 5000-5098. Because the Custom Destination Port range covers port 5060 we get away with half the rules - 6, rather than 12!
{| class="wikitable"
!colspan="7"|Firewall Rules on the AAISP VoIP Platform
| |||