[Spce-user] Possible Bug? - NGCP Firewall in mr6.5.3

Hohl Matthias matthias.hohl at telematica.at
Tue Apr 2 11:33:03 EDT 2019


Hmm…

 

How can i check what is all under “RELATED, ESTABLISHED”..?

 

I use the eth1 interface just for my peering.

So I defined a extra socket with the eth1 IP address in the config.yml and set this for outbound socket in my peering settings and also use the rtp interface rtp_eth1_peering in the peering settings for rtp traffic.

Is this just a “related, established” case?

 

The peering itself is connected via ip authentication.

 

Von: Richard Fuchs <rfuchs at sipwise.com> 
Gesendet: Dienstag, 2. April 2019 17:19
An: Hohl Matthias <matthias.hohl at telematica.at>; spce-user at lists.sipwise.com
Betreff: Re: AW: [Spce-user] Possible Bug? - NGCP Firewall in mr6.5.3

 

On 02/04/2019 11.04, Hohl Matthias wrote:

Hello,

 

this i have to add in the config.yml file unter security > firewall > rules4   right?

 

Funny thing… also if I have nothing there inside for my eth1 I can place calls and receive calls over this eth1… and also ping it etc… like there is everything accepted???

Ping is always allowed due to:

    6   264 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8

    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0

SIP should not be allowed unless you happened to be using something that fell under:

2078  293K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

or was accepted by one of the other chains that you didn't post.

Cheers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20190402/3fa2d779/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5585 bytes
Desc: not available
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20190402/3fa2d779/attachment.p7s>


More information about the Spce-user mailing list