Allow calls from from particular IPs

I have been facing hacking issue on my LD PSTN can anyone help me what should I do with configuration

  1. deny=
    permit= ( where I need to do this code in extension.conf or sip.conf)
  2. Do I need to change default port 5060 to new port and I think this need to be in sip.conf

deny, permit, and port all go in sip.conf.

Personally, I prefer to do access control with iptables. It just seems ‘better’ to stop them at the front door.

If you only accept SIP from a known list, a white list – oops accept list followed by a blanket deny should be effective.

If your environment is too dynamic for an accept list, you can use a tool like fail2ban with good results.

I’ve never bothered with changing the port number, but it will eliminate a certain class of hacker.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.