
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

VoIP Firewall: Difference between revisions

'''SIP''' is the call routing information that creates and manages calls. In practice, if you allow port 5060 from the outside world, you'll see attacks and possibly receive spam phone calls. We do not recommend leaving 5060 open unless you really know what you are doing. Phones rarely use ports as low as 5060 for media.
 
'''RTP''' is the actual media (e.g. the audio). On the older call servers the media path is as direct as possible, so the media can be sent from anywhere on the internet. Using the new call servers, it comes only from the same call server as the SIP control messages. On most phones you can configure which ports to use for RTP, so you can restrict this range further. For example, on a Snom Phone the default range for RTP is 49152 to 65534.
 
 
==Example Config==
Snom Phone:
<syntaxhighlight>
<rule-set name="VoIP" target-interface="LAN" no-match-action="reject">
  <rule name="SIP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="1.2.3.4" target-port="5060" action="accept"/>
  <rule name="RTP" source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48" target-ip="1.2.3.4" target-port="49152-65534" protocol="17" action="accept"/>
</rule-set>
</syntaxhighlight>
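Added example, not part of the original page and not the firewall's own code: a small Python model of the rule-set above that reports which rule, if any, would accept a given packet, so you can check the allow-list before relying on it. It assumes first-match-wins evaluation, that an omitted attribute matches anything, and that `81.187.30.110-119` means .110 through .119; `ip_in`, `port_in` and `decide` are names made up here.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Rule-set copied from this page; 1.2.3.4 is the page's stand-in for the phone.
SRC = ("81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 "
       "2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48")
CONFIG = f"""<rule-set name="VoIP" target-interface="LAN" no-match-action="reject">
<rule name="SIP" source-ip="{SRC}" target-ip="1.2.3.4" target-port="5060" action="accept"/>
<rule name="RTP" source-ip="{SRC}" target-ip="1.2.3.4" target-port="49152-65534" protocol="17" action="accept"/>
</rule-set>"""

def ip_in(spec, addr):
    """True if addr matches any space-separated entry (CIDR, single IP or a-b range)."""
    ip = ipaddress.ip_address(addr)
    for item in spec.split():
        lo, dash, hi = item.partition("-")
        if dash:
            # Assumption: "81.187.30.110-119" abbreviates 81.187.30.110 to 81.187.30.119.
            hi = hi if "." in hi else lo.rsplit(".", 1)[0] + "." + hi
            lo_ip, hi_ip = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
            if ip.version == lo_ip.version and lo_ip <= ip <= hi_ip:
                return True
        elif ip in ipaddress.ip_network(item, strict=False):
            return True
    return False

def port_in(spec, port):
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def decide(packet, config=CONFIG):
    """Return (action, rule name) for a dict with src, dst, port and proto keys."""
    rule_set = ET.fromstring(config)
    for rule in rule_set.findall("rule"):
        a = rule.attrib
        # Assumption: an absent attribute matches anything; the first matching rule wins.
        if (ip_in(a.get("source-ip", "0.0.0.0/0 ::/0"), packet["src"])
                and ip_in(a.get("target-ip", "0.0.0.0/0 ::/0"), packet["dst"])
                and port_in(a.get("target-port", "0-65535"), packet["port"])
                and a.get("protocol", str(packet["proto"])) == str(packet["proto"])):
            return a["action"], a["name"]
    return rule_set.get("no-match-action"), None

if __name__ == "__main__":
    # Constructed packets; 203.0.113.9 is a documentation address, not a real peer.
    for src, port, proto in [("81.187.30.115", 5060, 17), ("203.0.113.9", 5060, 17),
                             ("90.155.3.20", 50000, 17), ("90.155.3.20", 50000, 6)]:
        print(src, port, proto, decide({"src": src, "dst": "1.2.3.4", "port": port, "proto": proto}))
```

Note that the SIP rule carries no `protocol` attribute, so in this model it accepts both TCP (6) and UDP (17) on port 5060, while the RTP rule is UDP only.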
 
 