Asterisk firewall - VM to email not working

Hi,

I am running CentOS and Asterisk 1.4.22.1 on my system. I am configuring a firewall; after applying the firewall, my voicemail to email is not working… I have opened all ports for the mail server.

Please help…

#!/bin/bash
# Flush the existing rules in the filter table, then allow everything on loopback
# (Asterisk, the MTA and local tools talk to each other over lo).
iptables -F
iptables -A INPUT -i lo -j ACCEPT

# 4.2.2.2 is the upstream DNS resolver: accept anything it sends back.
iptables -A INPUT -s 4.2.2.2 -j ACCEPT

# Mail-related ports, open to the world. These only cover connections made TO
# this box (someone connecting to a POP3/IMAP/SMTP listener here).
iptables -A INPUT -p tcp --dport 110 -j ACCEPT   # POP3
iptables -A INPUT -p tcp --dport 143 -j ACCEPT   # IMAP
iptables -A INPUT -p tcp --dport 53 -j ACCEPT    # DNS over TCP
iptables -A INPUT -p tcp --dport 25 -j ACCEPT    # SMTP
iptables -A INPUT -p tcp --dport 465 -j ACCEPT   # SMTPS
iptables -A INPUT -p tcp --dport 585 -j ACCEPT   # IMAP4-SSL (legacy)
iptables -A INPUT -p tcp --dport 993 -j ACCEPT   # IMAPS
iptables -A INPUT -p tcp --dport 995 -j ACCEPT   # POP3S
iptables -A INPUT -p tcp --dport 587 -j ACCEPT   # SMTP submission

# Management and telephony ports, restricted to one trusted source address.
iptables -A INPUT -p tcp -s x.x.x.x --dport 22 -j ACCEPT            # SSH
iptables -A INPUT -p tcp -s x.x.x.x --dport 80 -j ACCEPT            # HTTP
iptables -A INPUT -p tcp -s x.x.x.x --dport 443 -j ACCEPT           # HTTPS
iptables -A INPUT -p tcp -m tcp -s x.x.x.x --dport 8080 -j ACCEPT   # alt HTTP
iptables -A INPUT -p tcp -s x.x.x.x --dport 8088 -j ACCEPT          # Asterisk HTTP/AJAM
iptables -A INPUT -p tcp -m tcp -s x.x.x.x --dport 3306 -j ACCEPT   # MySQL
iptables -A INPUT -p tcp -s x.x.x.x --dport 9001 -j ACCEPT
iptables -A INPUT -p udp -m udp -s x.x.x.x --dport 5060 -j ACCEPT          # SIP signalling
iptables -A INPUT -p udp -m udp -s x.x.x.x --dport 10000:20000 -j ACCEPT   # RTP media
iptables -A INPUT -p udp -m udp -s x.x.x.x --dport 4000:4999 -j ACCEPT
iptables -A INPUT -p udp -m udp -s x.x.x.x --dport 4569 -j ACCEPT          # IAX2
iptables -A INPUT -p tcp -m tcp -s x.x.x.x --dport 5038 -j ACCEPT          # Asterisk Manager (AMI)

# Default policies. Note that nothing above matches reply packets for
# connections this box opens itself (for example the outbound SMTP session
# voicemail-to-email uses), so those replies fall through to the DROP policy.
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Persist the rules (CentOS) and show the result; -n avoids reverse DNS lookups.
service iptables save
iptables -L -n

DNS?

Hi,

I have included DNS too… the line which has 4.2.2.2.

You want --sport 25 to originate SMTP. However, that isn’t really secure, so you also want to reject any SYNs without ACKs from this port, if you are not prepared to allow all unprivileged dports.

Thanks a lot for your reply… It worked :smile:

Can you please explain why it is not secure?

Because it allows an attacker to connect to any internal service by using 25 as the source port.

To do so they have to send a SYN without an ACK to start the connection.
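The two replies above (allow `--sport 25`, but reject bare SYNs from it) can be checked without touching a live box. The following is an added example, not code from the thread: a small Python simulation of how the INPUT chain with a DROP policy treats packets under three rule variants, `-p tcp --sport 25 -j ACCEPT`, `-p tcp --sport 25 ! --syn -j ACCEPT`, and the stateful `-m state --state ESTABLISHED,RELATED -j ACCEPT` that tracks connections the box opened. The addresses, ports and packets are constructed for illustration; the `--syn` semantics (SYN set, ACK/RST/FIN clear) follow the iptables man page.

```python
# Added example (not from the thread): simulate netfilter INPUT-chain decisions for
# three ways of letting SMTP replies back in. All hosts and packets are constructed.
from dataclasses import dataclass, field

OUR_IP = "192.0.2.10"          # the Asterisk box (constructed)
MAIL_SERVER = "198.51.100.25"  # the SMTP relay voicemail delivers through (constructed)
TRUSTED_IP = "203.0.113.10"    # stands in for the x.x.x.x admin host (constructed)
ATTACKER = "203.0.113.66"      # constructed


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = field(default_factory=frozenset)  # TCP flags set on the packet
    proto: str = "tcp"


def is_syn(pkt):
    """iptables --syn: SYN set and ACK, RST, FIN all clear (a bare connection request)."""
    return "SYN" in pkt.flags and not (pkt.flags & {"ACK", "RST", "FIN"})


# A rule is (match predicate, verdict); first match wins, as with -A ordering.
def rule_trusted_mysql(pkt):   # iptables -A INPUT -p tcp -s x.x.x.x --dport 3306 -j ACCEPT
    return pkt.proto == "tcp" and pkt.src == TRUSTED_IP and pkt.dport == 3306


def rule_sport25_any(pkt):     # iptables -A INPUT -p tcp --sport 25 -j ACCEPT
    return pkt.proto == "tcp" and pkt.sport == 25


def rule_sport25_no_syn(pkt):  # iptables -A INPUT -p tcp --sport 25 ! --syn -j ACCEPT
    return pkt.proto == "tcp" and pkt.sport == 25 and not is_syn(pkt)


class Conntrack:
    """Minimal stand-in for -m state --state ESTABLISHED,RELATED: remember flows we started."""

    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def rule_established(self, pkt):
        # A reply matches only if the mirror-image 5-tuple was seen leaving the box.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def verdict(rules, pkt, policy="DROP"):
    """Walk the chain; fall through to the policy (iptables -P INPUT DROP)."""
    for match, action in rules:
        if match(pkt):
            return action
    return policy


# Constructed traffic: the relay's SYN/ACK answering our outbound voicemail
# delivery, and an attacker who deliberately sources from port 25 to reach MySQL.
smtp_reply = Packet(MAIL_SERVER, 25, OUR_IP, 40000, frozenset({"SYN", "ACK"}))
mysql_probe = Packet(ATTACKER, 25, OUR_IP, 3306, frozenset({"SYN"}))


def compare():
    """Return the verdict each ruleset gives the legitimate reply and the probe."""
    ct = Conntrack()
    ct.outbound(Packet(OUR_IP, 40000, MAIL_SERVER, 25, frozenset({"SYN"})))  # our SMTP SYN leaving
    rulesets = {
        "sport25_any":    [(rule_trusted_mysql, "ACCEPT"), (rule_sport25_any, "ACCEPT")],
        "sport25_no_syn": [(rule_trusted_mysql, "ACCEPT"), (rule_sport25_no_syn, "ACCEPT")],
        "conntrack":      [(ct.rule_established, "ACCEPT"), (rule_trusted_mysql, "ACCEPT")],
    }
    return {name: {"smtp_reply": verdict(rs, smtp_reply), "mysql_probe": verdict(rs, mysql_probe)}
            for name, rs in rulesets.items()}


if __name__ == "__main__":
    for name, res in compare().items():
        print(f"{name:15} smtp_reply={res['smtp_reply']:6} mysql_probe={res['mysql_probe']}")
```

Running it shows the point of the thread: the plain `--sport 25` rule accepts the attacker's SYN to 3306 just as readily as the mail server's SYN/ACK, while `! --syn` drops the bare SYN and the conntrack rule accepts only replies to a flow the box itself started. Even with `! --syn`, packets carrying ACK from source port 25 still pass the filter (useful to an attacker for ACK scans, though they cannot open a TCP connection), which is why the stateful rule is the form to prefer on a kernel that has it.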