Asterisk security problem

Hi All,
I have just purchased a new server, installed Asterisk on it and gave it a public IP.
It's not behind any firewall (I know it's not good).
The problem which I am facing is that I'm getting hits from different IPs on my server; other people are trying to dial out from my Asterisk box.
But unfortunately there is no pattern found in the default context, so a Notice appears:

Call from ‘’ (192.187.100.90:5101) to extension ‘9011972598377238’ rejected because extension not found in context ‘test’. (default context is test)

So how can I set up my Asterisk box so that it will not authenticate IPs which are not SIP peers of my Asterisk server?
Only SIP peers are allowed to dial out.

P.S.: I have modified the following variables in [general], still no success.
deny = 0.0.0.0/0.0.0.0
permit=X.X.X.X/255.255.255.255 (only my peer IP is permitted)
allowguest=no
insecure=no
allowexternalinvites=no

I don’t want to write IPTABLES rules; is there any variable available in Asterisk which can help me out?
Please help me out.
Many Thanks.
Bilal

permit and deny cannot be used in the general section.

Generally though you should defend in depth, so you should use iptables.

Thanks David,
So why does Asterisk entertain every invite? I mean, is it not a security breach?
It should only allow specific IPs to get into the box.
I am a newbie but I can see that FreeSwitch is providing ACL, allowing only the specific IPs.

So you mean to say IPTABLES is the only savior for me?
Many thanks.

Because permit and deny are being ignored, because they are not valid where you have put them.

Hi David,
That was my mistake, I corrected that.
But I think that permit/deny will not help me out, as we specify them under the peer definition.
But I am getting hits from IPs which are not using my peer definition (not properly registered with my server).
I know I am taking your precious time. Please help me out.

Thanks Heaps
Bilal Abbasi.

allowguest=no should reject those, but you will still get something logged.

fail2ban could help you. Also changing the default port (5060) for a different one will help you a lot…
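
An added example, not code from any poster in this thread: a sketch of the per-source counting that a log watcher such as fail2ban automates, applied to the rejected-call notice quoted in the first post. The log prefix, the peer address 198.51.100.10 (standing in for X.X.X.X), the extra source 203.0.113.7 and the threshold of 3 are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Rejected-INVITE notice as quoted in the thread (straight or curly quotes accepted).
# The caller name and the extension are text supplied by the sender.
REJECT_RE = re.compile(
    r"Call from .*?\((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\) to extension "
    r"['‘](?P<ext>[^'’]*)['’] rejected because extension not found"
)

def rejected_sources(lines):
    """Yield (source_ip, dialled_extension) for every rejected-call notice."""
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group("ip")))
        except ipaddress.AddressValueError:
            continue  # octets out of range: not a usable IPv4 address
        yield ip, m.group("ext")

def offenders(lines, known_peers, threshold=3):
    """Return {ip: hits} for non-peer sources with at least `threshold` rejections."""
    hits = Counter(ip for ip, _ in rejected_sources(lines) if ip not in known_peers)
    return {ip: n for ip, n in hits.items() if n >= threshold}

def _line(ip, ext):
    # Constructed log line: the prefix is made up, the message text is the thread's.
    return (f"[2024-01-01 10:00:00] NOTICE[1001] chan_sip.c: Call from '' ({ip}:5101) "
            f"to extension '{ext}' rejected because extension not found in context 'test'.")

KNOWN_PEERS = {"198.51.100.10"}  # assumption: the one legitimate SIP peer
SAMPLE_LOG = (
    [_line("192.187.100.90", e) for e in
     ("9011972598377238", "011972598377238", "00972598377238")]
    + [_line("203.0.113.7", "100")]                 # single stray hit, below threshold
    + [_line("198.51.100.10", "999")] * 3           # known peer misdialling, never flagged
    + ["[2024-01-01 10:00:05] VERBOSE[1001] pbx.c: unrelated line"]
)

if __name__ == "__main__":
    for ip, n in offenders(SAMPLE_LOG, KNOWN_PEERS).items():
        print(f"{ip}: {n} rejected calls")
```

The returned addresses are candidates for a firewall block; with allowguest=no the calls are already rejected, so this only addresses the remaining log noise and probing.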