https://wiki.webko.net.ua/index.php?action=history&feed=atom&title=Rules_for_iptables 2026-05-21T04:18:18Z История изменений этой страницы в вики MediaWiki 1.35.1 https://wiki.webko.net.ua/index.php?title=Rules_for_iptables&diff=596&oldid=prev 2019-01-04T08:02:37Z

<p>Sol переименовал страницу <a href="/index.php?title=Rules_fo_iptables" class="mw-redirect" title="Rules fo iptables">Rules fo iptables</a> в <a href="/index.php?title=Rules_for_iptables" title="Rules for iptables">Rules for iptables</a></p> <table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface"> <tr class="diff-title" lang="ru"> <td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Предыдущая</td> <td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Версия 08:02, 4 января 2019</td> </tr><tr><td colspan="2" class="diff-notice" lang="ru"><div class="mw-diff-empty">(нет различий)</div> </td></tr></table>

Sol https://wiki.webko.net.ua/index.php?title=Rules_for_iptables&diff=386&oldid=prev 2016-02-18T18:20:12Z

<p></p> <table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="ru"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Предыдущая</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Версия 18:20, 18 февраля 2016</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l32" >Строка 32:</td> <td colspan="2" class="diff-lineno">Строка 32:</td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>-A INPUT -p udp -m set --match-set voip src -m udp -m multiport --dports 5060,4569,5036,2727,10000:20000 -j ACCEPT</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>-A INPUT -p udp -m set --match-set voip src -m udp -m multiport --dports 5060,4569,5036,2727,10000:20000 -j ACCEPT</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>ipset add voip x.y.x.y # <del class="diffchange diffchange-inline">добавит </del>доверенный адрес</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>ipset add voip x.y.x.y # <ins class="diffchange diffchange-inline">добавить </ins>доверенный адрес</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;/syntaxhighlight&gt;</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;/syntaxhighlight&gt;</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Больше информации [http://www.voip-info.org/wiki/view/Asterisk+firewall+rules тут].</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Больше информации [http://www.voip-info.org/wiki/view/Asterisk+firewall+rules тут].</div></td></tr> </table>

Sol https://wiki.webko.net.ua/index.php?title=Rules_for_iptables&diff=385&oldid=prev 2016-02-18T18:19:11Z

<p></p> <table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="ru"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Предыдущая</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Версия 18:19, 18 февраля 2016</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l31" >Строка 31:</td> <td colspan="2" class="diff-lineno">Строка 31:</td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;syntaxhighlight lang=&quot;bash&quot;&gt;</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;syntaxhighlight lang=&quot;bash&quot;&gt;</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>-A INPUT -p udp -m set --match-set voip src -m udp -m multiport --dports 5060,4569,5036,2727,10000:20000 -j ACCEPT</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>-A INPUT -p udp -m set --match-set voip src -m udp -m multiport --dports 5060,4569,5036,2727,10000:20000 -j ACCEPT</div></td></tr> <tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr> <tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">ipset add voip x.y.x.y # добавит доверенный адрес</ins></div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;/syntaxhighlight&gt;</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;/syntaxhighlight&gt;</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Больше информации [http://www.voip-info.org/wiki/view/Asterisk+firewall+rules тут].</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Больше информации [http://www.voip-info.org/wiki/view/Asterisk+firewall+rules тут].</div></td></tr> </table>

Sol https://wiki.webko.net.ua/index.php?title=Rules_for_iptables&diff=384&oldid=prev 2016-02-18T18:17:52Z

<p></p> <table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="ru"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Предыдущая</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Версия 18:17, 18 февраля 2016</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l30" >Строка 30:</td> <td colspan="2" class="diff-lineno">Строка 30:</td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Я бы рекомендовал использовать вместе с ipset, и пускал только с доверенных ip. Например:</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Я бы рекомендовал использовать вместе с ipset, и пускал только с доверенных ip. Например:</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;syntaxhighlight lang=&quot;bash&quot;&gt;</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;syntaxhighlight lang=&quot;bash&quot;&gt;</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">iptables </del>-<del class="diffchange diffchange-inline">I </del>INPUT -p udp -m udp -m -<del class="diffchange diffchange-inline">multiports </del>--<del class="diffchange diffchange-inline">dport 5060</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>-<ins class="diffchange diffchange-inline">A </ins>INPUT -p udp <ins class="diffchange diffchange-inline">-m set --match-set voip src </ins>-m udp -m <ins class="diffchange diffchange-inline">multiport </ins>--<ins class="diffchange diffchange-inline">dports 5060,4569,5036,2727,10000:20000 </ins>-<ins class="diffchange diffchange-inline">j ACCEPT</ins></div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;/syntaxhighlight&gt;</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;/syntaxhighlight&gt;</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Больше информации [http://www.voip-info.org/wiki/view/Asterisk+firewall+rules тут].</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Больше информации [http://www.voip-info.org/wiki/view/Asterisk+firewall+rules тут].</div></td></tr> </table>

Sol https://wiki.webko.net.ua/index.php?title=Rules_for_iptables&diff=383&oldid=prev 2016-02-18T18:14:47Z

<p></p> <table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="ru"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Предыдущая</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Версия 18:14, 18 февраля 2016</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l28" >Строка 28:</td> <td colspan="2" class="diff-lineno">Строка 28:</td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;/syntaxhighlight&gt;</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;/syntaxhighlight&gt;</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Я бы рекомендовал использовать вместе с ipset, и пускал только с доверенных ip.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Я бы рекомендовал использовать вместе с ipset, и пускал только с доверенных ip. <ins class="diffchange diffchange-inline">Например:</ins></div></td></tr> <tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">&lt;syntaxhighlight lang=&quot;bash&quot;&gt;</ins></div></td></tr> <tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">iptables -I INPUT -p udp -m udp -m -multiports --dport 5060</ins></div></td></tr> <tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">&lt;/syntaxhighlight&gt;</ins></div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Больше информации [http://www.voip-info.org/wiki/view/Asterisk+firewall+rules тут].</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Больше информации [http://www.voip-info.org/wiki/view/Asterisk+firewall+rules тут].</div></td></tr> </table>

Sol https://wiki.webko.net.ua/index.php?title=Rules_for_iptables&diff=382&oldid=prev 2016-02-18T18:12:40Z

<p>Новая страница: «<a href="/index.php?title=%D0%9A%D0%B0%D1%82%D0%B5%D0%B3%D0%BE%D1%80%D0%B8%D1%8F:VoIP" title="Категория:VoIP">Категория:VoIP</a> Стандартные правила для iptables &lt;syntaxhighlight lang=&quot;bash&quot;&gt; # SIP on UDP port 5060. Other SIP servers may ne…»</p> <p><b>Новая страница</b></p><div>[[Категория:VoIP]]<br /> <br /> Стандартные правила для iptables <br /> &lt;syntaxhighlight lang=&quot;bash&quot;&gt;<br /> # SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well<br /> iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT<br /> # IAX2- the IAX protocol<br /> iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT<br /> # IAX - most have switched to IAX v2, or ought to<br /> iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT<br /> # RTP - the media stream<br /> # (related to the port range in /etc/asterisk/rtp.conf) <br /> iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT<br /> # MGCP - if you use media gateway control protocol in your configuration<br /> iptables -A INPUT -p udp -m udp --dport 2727 -j ACCEPT<br /> &lt;/syntaxhighlight&gt;<br /> <br /> Более ухищренные <br /> &lt;syntaxhighlight lang=&quot;bash&quot;&gt;<br /> iptables -I INPUT -p udp -m udp --dport 5060 -m string --string &quot;User-Agent: VaxSIPUserAgent&quot; --algo bm --to 65535 -j DROP <br /> iptables -I INPUT -p udp -m udp --dport 5060 -m string --string &quot;User-Agent: friendly-scanner&quot; --algo bm --to 65535 -j REJECT --reject-with icmp-port-unreachable <br /> iptables -I INPUT -p udp -m udp --dport 5060 -m string --string &quot;REGISTER sip:&quot; --algo bm -m recent --set --name VOIP --rsource <br /> iptables -I INPUT -p udp -m udp --dport 5060 -m string --string &quot;REGISTER sip:&quot; --algo bm -m recent --update --seconds 60 --hitcount 12 --rttl --name VOIP --rsource -j DROP <br /> iptables -I INPUT -p udp -m udp --dport 5060 -m string --string &quot;INVITE sip:&quot; --algo bm -m recent --set --name VOIPINV --rsource <br /> iptables -I INPUT -p udp -m udp --dport 5060 -m string --string &quot;INVITE sip:&quot; --algo bm -m recent --update --seconds 60 --hitcount 12 --rttl --name VOIPINV --rsource -j DROP <br /> iptables -I INPUT -p udp -m hashlimit --hashlimit 6/sec --hashlimit-mode srcip,dstport --hashlimit-name tunnel_limit -m udp --dport 5060 -j ACCEPT <br /> iptables -I INPUT -p udp -m udp --dport 5060 -j DROP <br /> &lt;/syntaxhighlight&gt;<br /> <br /> Я бы рекомендовал использовать вместе с ipset, и пускал только с доверенных ip.<br /> Больше информации [http://www.voip-info.org/wiki/view/Asterisk+firewall+rules тут].</div>

Sol