If you set up Asterisk as some sort of SBC, it would be either doing registration with your upstream providers or, if you had a static IP, they (like Gamma) would use IP auth. In either case, you don’t need to be able to read in or accept (inward) any REGISTER SIP message.
Like allowsubscribe=no, is there something like that for REGISTER?
Remembering… this box will still have to make use of the REGISTER construct for it to inform its possible upstream providers of your own IP address.
If I add deny=0.0.0.0/0.0.0.0 to the general section, and then open up an allow=X.X.X.X for each of the ISP sip trunks, would that achieve the same results?
Ha ha David, OK look, when you open UDP port 5060, you’ll get all sorts of attempts… 50% of them are REGISTER attempts, and the other 50% are INVITE requests.
All I really want to do is to reduce the spam on port 5060, but I have to have the ports open, and I’m looking at ways to do this without using iptables etc. to allow/disallow communications. (This would move security from application level to system level, involve different teams, and slow down operations.)
You can reduce register attempts: you can change the default 5060 port, also install fail2ban to block failed attempts, and also use iptables in case you can whitelist a range of IPs.