Using firewall in asterisk

Hi, I'm quite new to Linux SUSE 9. I wanted to implement some firewall settings on my SIP server. The problem is that I don't know where to start. I'm thinking that if I implement such a thing it would block the (SIP) connections to my other servers/partners in other countries. I had a boogey last time. How can I implement the firewall without affecting the Asterisk/SIP connections to other servers? How can I also allow an sshd connection to a certain IP address? Here is what I've got in the logs.

Nov 16 05:54:10 ss7box sshd[5496]: Failed password for illegal user magenta from ::ffff:61.43.153.30 port 46497 ssh2
Nov 16 05:54:11 ss7box sshd[5498]: Illegal user magenta from ::ffff:61.43.153.30
Nov 16 05:54:11 ss7box sshd[5498]: error: Could not get shadow information for NOUSER
Nov 16 05:54:11 ss7box sshd[5498]: Failed password for illegal user magenta from ::ffff:61.43.153.30 port 46571 ssh2
Nov 16 05:54:12 ss7box sshd[5500]: Illegal user maroon from ::ffff:61.43.153.30
Nov 16 05:54:12 ss7box sshd[5500]: error: Could not get shadow information for NOUSER
Nov 16 05:54:12 ss7box sshd[5500]: Failed password for illegal user maroon from ::ffff:61.43.153.30 port 46639 ssh2
Nov 16 05:54:13 ss7box sshd[5502]: Illegal user maroon from ::ffff:61.43.153.30
Nov 16 05:54:13 ss7box sshd[5502]: error: Could not get shadow information for NOUSER

Please help me on this one. Thank you very much in advance.

Best regards,
newbie_aste

By default Asterisk uses the following ports for different services. If you close the firewall on your server for one of these ports it will cause that service to stop working.

SIP runs on UDP port 5060.
In addition SIP needs UDP ports 10000 - 20000 open for RTP media transport.
IAX2 runs on port UDP 4569.
MGCP runs on port UDP 2427.
The Asterisk manager interface runs on TCP port 5038.
Skinny runs on TCP port 2000.
DUNDI runs on UDP port 4520.
SSH runs on port 22.

Of course you can change any of these in the config files. If you aren't using a service, you do not need to leave the firewall ports open. If you are using a service, make sure it is accessible through the firewall.

Dan
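An added example (not from the original poster or from Dan) of how the port list above translates into an iptables rule set for the situation described in the question: only the known SIP partners may reach UDP 5060 and the RTP range, only one admin host may reach sshd, and everything else inbound is logged and dropped. The peer addresses and the admin address are constructed placeholders; the script only prints the rules unless you pass `--apply`, so you can review the output first.

```shell
#!/bin/sh
# Added example: iptables rule set for an Asterisk box that only talks SIP to
# known partners. All addresses below are constructed placeholders; replace
# them with your real partner and admin addresses before applying.

SIP_PEERS="203.0.113.10 198.51.100.20"   # partner SIP servers (placeholders)
SSH_ADMIN="192.0.2.5"                    # the one host allowed to reach sshd
IPT="iptables"

# Emit the rule set as text. Keeping generation separate from application lets
# you inspect the rules (dry run) before they touch the live firewall.
gen_rules() {
    cat <<EOF
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -F INPUT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -s $SSH_ADMIN -j ACCEPT
EOF
    # SIP signalling (UDP 5060) and the default RTP range (UDP 10000-20000),
    # opened per partner rather than to the whole Internet.
    for peer in $SIP_PEERS; do
        echo "$IPT -A INPUT -p udp --dport 5060 -s $peer -j ACCEPT"
        echo "$IPT -A INPUT -p udp --dport 10000:20000 -s $peer -j ACCEPT"
    done
    # Rate-limited log of whatever falls through, so scans like the sshd
    # attempts in the question show up in syslog without flooding it.
    echo "$IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"FW-DROP: \" --log-level 4"
}

# Count how many distinct accept rules a given source address gets; useful
# for checking a partner was not left out before applying.
count_rules_for() {
    gen_rules | grep -c -- "-s $1 -j ACCEPT"
}

# Feed the generated commands to a shell; -e stops at the first failing rule.
apply_rules() {
    gen_rules | sh -e
}

case "${1:-}" in
    --apply) apply_rules ;;
    *)       gen_rules ;;
esac
```

Two caveats worth checking against your own traffic before relying on this. First, the `ESTABLISHED,RELATED` rule covers replies to calls and registrations your box initiates, but a partner that sends media from a different address than its signalling address (common with hosted trunks) needs that media address listed too, or the RTP rule widened. Second, SUSE 9 ships its own firewall manager (SuSEfirewall2); running hand-written iptables rules alongside it will have the two overwrite each other, so use one or the other.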