<div dir="ltr">Mike,<div><br></div><div>Você posssui 1 ou 2 interfaces de rede no asterisk? </div><div><br></div><div>Abraço!</div><div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/7/25 Mike <span dir="ltr"><<a href="mailto:mikeedede@hotmail.com" target="_blank">mikeedede@hotmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div lang="PT-BR" link="blue" vlink="purple"><div><p class="">
<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><div><div><p class=""><b><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Senhores!<u></u><u></u></span></b></p>
<p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Andei pesquisando no google e nos sites em que abriu.<u></u><u></u></span></p>
<p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Não tive muito sucesso na instalação do fail2ban ainda mas sofro com várias tentativas de invasão.<u></u><u></u></span></p><p class="">
<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Tenho uma central pabx com centos instalada nela e 2 filiais conectadas nela. Gostaria da ajuda para saber<u></u><u></u></span></p><p class="">
<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Como faço para bloquear no iptables todos e quaisquer outro acesso, liberando apenas os ips que tenho nas filiais.<u></u><u></u></span></p><p class="">
<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Não tenho muitas habilidades, mas tentei bloquear tudo com o comando<u></u><u></u></span></p><p class=""><i><span lang="EN-US" style="font-size:10pt;font-family:'Courier New'">iptables -P INPUT DROP<u></u><u></u></span></i></p>
<p class=""><i><span lang="EN-US" style="font-size:10pt;font-family:'Courier New'">iptables -P OUTPUT DROP<u></u><u></u></span></i></p><p class=""><i><span lang="EN-US" style="font-size:10pt;font-family:'Courier New'">iptables -P FORWARD DROP</span></i><span lang="EN-US" style="font-size:10pt;font-family:'Courier New'"><u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Mas não consegui acesso mais das filiais na central.<u></u><u></u></span></p>
<p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Estou usando a seguinte regra no momento...<u></u><u></u></span></p>
<p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif"># Firewall configuration written by system-config-firewall<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif"># Manual customization of this file is not recommended.<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">*filter<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">:INPUT ACCEPT [0:0]<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">:FORWARD ACCEPT [0:0]<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">:OUTPUT ACCEPT [0:0]<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -p icmp -j ACCEPT<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -i lo -j ACCEPT<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 222.111.232.242 -j DROP<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 222.39.89.179 -j DROP<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 173.242.117.162 -j DROP<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 184.154.106.2 -j DROP<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 216.244.89.19 -j DROP<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 196.14.16.190 -j DROP<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 91.218.229.42 -j DROP<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 85.25.100.41 -j DROP<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 211.144.65.17 -j DROP<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 198.143.187.146 -j DROP <u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 5.9.193.195 -j DROP<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 5.9.199.173 -j DROP<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 5.9.193.197 -j DROP<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 91.229.220.20 -j DROP<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 198.143.175.2 -j DROP<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -s 211.144.65.17 -j DROP<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -m state --state NEW -m tcp -p tcp --dport 25322 -j ACCEPT<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -m state --state NEW -m tcp -p tcp --dport 25380 -j ACCEPT<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -m state --state NEW -m tcp -p tcp --dport 5038:5039 -j ACCEPT<u></u><u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -m state --state NEW -m udp -p udp --dport 1:65535 -j ACCEPT<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p><p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A INPUT -j REJECT --reject-with icmp-host-prohibited<u></u><u></u></span></p>
<p class=""><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif">-A FORWARD -j REJECT --reject-with icmp-host-prohibited<u></u><u></u></span></p><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif">COMMIT<u></u><u></u></span></p>
<p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif">Agradeço se alguém puder ajudar.<u></u><u></u></span></p>
<p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif">Grato.<span class=""><font color="#888888"><u></u><u></u></font></span></span></p>
<span class=""><font color="#888888"><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif">Mike.<u></u><u></u></span></p>
</font></span></div></div></div></div><br>_______________________________________________<br>
KHOMP: completa linha de placas externas FXO, FXS, GSM e E1;<br>
Media Gateways de 1 a 64 E1s para SIP com R2, ISDN e SS7;<br>
Intercomunicadores para acesso remoto via rede IP. Conheça em <a href="http://www.Khomp.com" target="_blank">www.Khomp.com</a>.<br>
_______________________________________________<br>
ALIGERA – Fabricante nacional de Gateways SIP-E1 para R2, ISDN e SS7.<br>
Placas de 1E1, 2E1, 4E1 e 8E1 para PCI ou PCI Express.<br>
Channel Bank – Appliance Asterisk - Acesse <a href="http://www.aligera.com.br" target="_blank">www.aligera.com.br</a>.<br>
_______________________________________________<br>
Para remover seu email desta lista, basta enviar um email em branco para <a href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a><br></blockquote></div>
<br><br clear="all"><div><br></div>-- <br><br>Alejandro Flores<br>
Office: 81 3031-4595<br>
Mobile: 81 8210-0412<br><a href="http://www.triforsec.com.br/" target="_blank">http://www.triforsec.com.br/</a><br>
<a href="http://www.dialtelecom.com.br/" target="_blank">http://www.dialtelecom.com.br/</a>
</div></div></div>