Today I found a bunch of these entries in my logs:
[2024-02-26 11:19:18] NOTICE[5678] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"114" sip:114-jsdjdsjdswjdwdjwkde@192.168.233.235' failed for '192.168.233.238:5064' (callid: 394581594-5064-1@BJC.BGI.CDD.CDI) - No matching endpoint found
These all seem to be related to a new Yealink W70B I recently installed as that’s the common thread of all the internal numbers being tried. The callerid in that line seems to move between the following three choices and the port seems to move around between 5060 and 5068.
I thought I had IPtables set to not let much of anything in, starting around line 20 it looks like this:
DROP udp -- anywhere anywhere udp dpt:sip
DROP udp -- anywhere anywhere udp dpt:5160
ACCEPT all -- dns.google anywhere
ACCEPT all -- b.resolvers.level3.net anywhere
ACCEPT all -- c.resolvers.level3.net anywhere
ACCEPT all -- d.resolvers.level3.net anywhere
DROP all -- 128.0.0.0/1 anywhere
DROP all -- 0.0.0.0/1 anywhere
DROP all -- anywhere anywhere source IP range 0.0.0.0-255.255.255.255
Before that it only allows my providers and things related to the Linux and Asterisk update servers.
Here is what I think is the relevant part of iptables -L -nv. Everything past this is all drops, which I think are already taken care of by the drop lines just before the end.
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 76.168.134.0-76.168.134.254
931K 400M ACCEPT all -- enp2s0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 127.0.0.1 0.0.0.0/0
0 0 ACCEPT all -- * * 127.0.0.1 0.0.0.0/0
692K 97M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 192.168.233.0-192.168.233.255
0 0 ACCEPT all -- * * 192.168.211.138 0.0.0.0/0
367 20293 ACCEPT all -- * * 192.168.211.38 0.0.0.0/0
0 0 ACCEPT all -- * * 64.154.41.150 0.0.0.0/0
0 0 ACCEPT all -- * * 76.164.171.238 0.0.0.0/0
0 0 ACCEPT all -- * * 34.226.36.32/28 0.0.0.0/0
0 0 ACCEPT all -- * * 34.210.91.112/28 0.0.0.0/0
124 24728 ACCEPT all -- * * 168.86.128.0/18 0.0.0.0/0
20 16340 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 54.172.60.0-54.172.60.3
109 139K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 54.244.51.0-54.244.51.3
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 208.78.112.64-208.78.112.66
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 67.213.136.64-67.213.136.66
0 0 ACCEPT all -- * * 67.213.136.64/26 0.0.0.0/0
0 0 ACCEPT all -- * * 208.78.112.64/26 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 34.203.250.0-34.203.250.255
208 58868 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5160
0 0 ACCEPT all -- * * 8.8.8.8 0.0.0.0/0
0 0 ACCEPT all -- * * 4.2.2.2 0.0.0.0/0
0 0 ACCEPT all -- * * 4.2.2.3 0.0.0.0/0
0 0 ACCEPT all -- * * 4.2.2.4 0.0.0.0/0
1663 418K DROP all -- * * 128.0.0.0/1 0.0.0.0/0
7327 2382K DROP all -- * * 0.0.0.0/1 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 0.0.0.0-255.255.255.255
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.1
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Sorry for the delayed response. You said “relevant part” but there could be somewhere else in there where packets are allowed. Can you post your entire output? Also what is the output of iptables-save?
Not an issue at all, I’m always grateful for help. A question, 2 of the last lines I posted:
1663 418K DROP all -- * * 128.0.0.0/1 0.0.0.0/0
7327 2382K DROP all -- * * 0.0.0.0/1 0.0.0.0/0
Seem to have caught all the remaining packets, as every line past that shows zero packets and zero bytes. Or am I possibly missing something? I was under the impression that that second line would catch and drop everything? Here is the output of iptables-save.
# Generated by iptables-save v1.8.7 on Wed Mar 6 09:53:26 2024
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1201204:661870059]
-A INPUT -m iprange --src-range 76.168.134.0-76.168.134.254 -j DROP
-A INPUT -i enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -m iprange --src-range 192.168.233.0-192.168.233.255 -j ACCEPT
-A INPUT -s 192.168.211.138/32 -j ACCEPT
-A INPUT -s 192.168.211.38/32 -j ACCEPT
-A INPUT -s 64.154.41.150/32 -j ACCEPT
-A INPUT -s 76.164.171.238/32 -j ACCEPT
-A INPUT -s 34.226.36.32/28 -j ACCEPT
-A INPUT -s 34.210.91.112/28 -j ACCEPT
-A INPUT -s 168.86.128.0/18 -j ACCEPT
-A INPUT -m iprange --src-range 54.172.60.0-54.172.60.3 -j ACCEPT
-A INPUT -m iprange --src-range 54.244.51.0-54.244.51.3 -j ACCEPT
-A INPUT -m iprange --src-range 208.78.112.64-208.78.112.66 -j ACCEPT
-A INPUT -m iprange --src-range 67.213.136.64-67.213.136.66 -j ACCEPT
-A INPUT -s 67.213.136.64/26 -j ACCEPT
-A INPUT -s 208.78.112.64/26 -j ACCEPT
-A INPUT -m iprange --src-range 34.203.250.0-34.203.250.255 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j DROP
-A INPUT -p udp -m udp --dport 5160 -j DROP
-A INPUT -s 8.8.8.8/32 -j ACCEPT
-A INPUT -s 4.2.2.2/32 -j ACCEPT
-A INPUT -s 4.2.2.3/32 -j ACCEPT
-A INPUT -s 4.2.2.4/32 -j ACCEPT
-A INPUT -s 128.0.0.0/1 -j DROP
-A INPUT -s 0.0.0.0/1 -j DROP
-A INPUT -m iprange --src-range 0.0.0.0-255.255.255.255 -j DROP
-A INPUT -j LOG
-A INPUT -s 87.0.0.0/8 -j DROP
-A INPUT -m iprange --src-range 76.168.134.0-76.168.134.254 -j DROP
-A INPUT -s 201.0.0.0/8 -j DROP
-A INPUT -m iprange --src-range 72.44.32.0-72.44.63.255 -j DROP
-A INPUT -m iprange --src-range 67.202.0.0-67.202.63.255 -j DROP
-A INPUT -m iprange --src-range 75.101.128.0-75.101.255.255 -j DROP
-A INPUT -m iprange --src-range 174.129.0.0-174.129.255.255 -j DROP
-A INPUT -m iprange --src-range 204.236.192.0-204.236.255.255 -j DROP
-A INPUT -m iprange --src-range 184.73.0.0-184.73.255.255 -j DROP
-A INPUT -m iprange --src-range 216.236.128.0-216.236.191.255 -j DROP
-A INPUT -m iprange --src-range 184.72.0.0-184.72.63.255 -j DROP
-A INPUT -m iprange --src-range 79.125.0.0-79.125.127.255 -j DROP
-A INPUT -m iprange --src-range 89.255.0.0-89.255.63.255 -j DROP
-A INPUT -m iprange --src-range 38.99.27.1-38.99.27.254 -j DROP
-A INPUT -m iprange --src-range 23.239.69.226-23.239.69.226 -j DROP
-A INPUT -s 2.0.0.0/7 -j DROP
-A INPUT -s 5.0.0.0/8 -j DROP
-A INPUT -s 6.0.0.0/8 -j DROP
-A INPUT -s 7.0.0.0/8 -j DROP
-A INPUT -s 9.0.0.0/8 -j DROP
-A INPUT -s 10.0.0.0/7 -j DROP
-A INPUT -s 12.0.0.0/6 -j DROP
-A INPUT -s 23.0.0.0/8 -j DROP
-A INPUT -s 32.0.0.0/3 -j DROP
-A INPUT -s 37.0.0.0/8 -j DROP
-A INPUT -s 45.0.0.0/8 -j DROP
-A INPUT -s 62.0.0.0/8 -j DROP
-A INPUT -s 64.0.0.0/8 -j DROP
-A INPUT -s 66.0.0.0/8 -j DROP
-A INPUT -s 69.0.0.0/8 -j DROP
-A INPUT -s 71.0.0.0/8 -j DROP
-A INPUT -s 72.0.0.0/7 -j DROP
-A INPUT -s 75.0.0.0/8 -j DROP
-A INPUT -s 76.0.0.0/6 -j DROP
-A INPUT -s 80.0.0.0/4 -j DROP
-A INPUT -s 82.0.0.0/8 -j DROP
-A INPUT -s 85.0.0.0/8 -j DROP
-A INPUT -s 96.0.0.0/4 -j DROP
-A INPUT -s 112.0.0.0/5 -j DROP
-A INPUT -s 121.0.0.0/8 -j DROP
-A INPUT -s 122.0.0.0/7 -j DROP
-A INPUT -s 124.0.0.0/6 -j DROP
-A INPUT -s 128.0.0.0/7 -j DROP
-A INPUT -s 130.0.0.0/8 -j DROP
-A INPUT -s 132.0.0.0/6 -j DROP
-A INPUT -s 136.0.0.0/7 -j DROP
-A INPUT -s 139.0.0.0/8 -j DROP
-A INPUT -s 140.0.0.0/8 -j DROP
-A INPUT -s 142.0.0.0/8 -j DROP
-A INPUT -s 143.0.0.0/8 -j DROP
-A INPUT -s 144.0.0.0/4 -j DROP
-A INPUT -s 160.0.0.0/5 -j DROP
-A INPUT -s 168.0.0.0/8 -j DROP
-A INPUT -s 170.0.0.0/7 -j DROP
-A INPUT -s 176.0.0.0/4 -j DROP
-A INPUT -s 188.0.0.0/8 -j DROP
-A INPUT -s 192.99.0.0/16 -j DROP
-A INPUT -s 192.187.96.0/19 -j DROP
-A INPUT -s 193.0.0.0/8 -j DROP
-A INPUT -s 194.0.0.0/7 -j DROP
-A INPUT -s 196.0.0.0/7 -j DROP
-A INPUT -s 199.0.0.0/8 -j DROP
-A INPUT -s 200.0.0.0/6 -j DROP
-A INPUT -s 205.0.0.0/8 -j DROP
-A INPUT -s 206.0.0.0/7 -j DROP
-A INPUT -s 209.0.0.0/8 -j DROP
-A INPUT -s 210.0.0.0/7 -j DROP
-A INPUT -s 212.0.0.0/7 -j DROP
-A INPUT -s 217.0.0.0/8 -j DROP
-A INPUT -s 218.0.0.0/7 -j DROP
-A INPUT -s 220.0.0.0/6 -j DROP
-A INPUT -s 224.0.0.0/3 -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -d 224.0.0.1/32 -j DROP
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
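Added example, not part of the thread or of any poster's message: a small first-match evaluator run over an abridged copy of the INPUT chain posted above, using the source address from the logged REGISTER. The destination port 5060, the NEW connection state, the interface and the outside address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# Abridged from the iptables-save output posted above; rule order preserved.
RULES = """\
-A INPUT -m iprange --src-range 76.168.134.0-76.168.134.254 -j DROP
-A INPUT -i enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -m iprange --src-range 192.168.233.0-192.168.233.255 -j ACCEPT
-A INPUT -s 168.86.128.0/18 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j DROP
-A INPUT -s 128.0.0.0/1 -j DROP
-A INPUT -s 0.0.0.0/1 -j DROP
-A INPUT -j LOG
-A INPUT -j REJECT --reject-with icmp-port-unreachable
"""
FLAGS = ("-s", "--src-range", "-p", "--dport", "-i", "--state", "-j")

def parse(line):
    """Map each supported flag to the token that follows it."""
    tok = line.split()
    return {f: v for f, v in zip(tok, tok[1:]) if f in FLAGS}

def matches(rule, pkt):
    """True only if every condition present in the rule holds for the packet."""
    src = ipaddress.ip_address(pkt["src"])
    if "-s" in rule and src not in ipaddress.ip_network(rule["-s"]):
        return False
    if "--src-range" in rule:
        lo, hi = map(ipaddress.ip_address, rule["--src-range"].split("-"))
        if not lo <= src <= hi:
            return False
    if "--state" in rule and pkt["state"] not in rule["--state"].split(","):
        return False
    checks = (("-p", "proto"), ("--dport", "dport"), ("-i", "iface"))
    return all(rule[f] == str(pkt[k]) for f, k in checks if f in rule)

def first_match(pkt, rules=RULES):
    """Return (position, target) of the first terminating rule that matches."""
    for n, line in enumerate(rules.splitlines(), 1):
        rule = parse(line)
        if rule["-j"] != "LOG" and matches(rule, pkt):  # LOG does not end traversal
            return n, rule["-j"]
    return None, "DROP"  # nothing matched: chain policy (:INPUT DROP)

# Constructed packets. The first source address is taken from the log line;
# dport, state and iface are assumptions. 203.0.113.10 is a documentation address.
base = {"proto": "udp", "dport": 5060, "state": "NEW", "iface": "enp2s0"}
lan_register = dict(base, src="192.168.233.238")
outside_sip = dict(base, src="203.0.113.10")
```

Because traversal stops at the first terminating match, the position of the LAN-range ACCEPT relative to the port 5060 DROP decides the outcome for a LAN source, and the two /1 DROP rules together match every remaining IPv4 source before any later rule is reached.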