[Spce-user] Possible Bug? - NGCP Firewall in mr6.5.3

Hohl Matthias matthias.hohl at telematica.at
Tue Apr 2 11:33:03 EDT 2019



How can i check what is all under “RELATED, ESTABLISHED”..?


I use the eth1 interface just for my peering.

So I defined a extra socket with the eth1 IP address in the config.yml and set this for outbound socket in my peering settings and also use the rtp interface rtp_eth1_peering in the peering settings for rtp traffic.

Is this just a “related, established” case?


The peering itself is connected via ip authentication.


Von: Richard Fuchs <rfuchs at sipwise.com> 
Gesendet: Dienstag, 2. April 2019 17:19
An: Hohl Matthias <matthias.hohl at telematica.at>; spce-user at lists.sipwise.com
Betreff: Re: AW: [Spce-user] Possible Bug? - NGCP Firewall in mr6.5.3


On 02/04/2019 11.04, Hohl Matthias wrote:



this i have to add in the config.yml file unter security > firewall > rules4   right?


Funny thing… also if I have nothing there inside for my eth1 I can place calls and receive calls over this eth1… and also ping it etc… like there is everything accepted???

Ping is always allowed due to:

    6   264 ACCEPT     icmp --  *      *              icmptype 8

    0     0 ACCEPT     icmp --  *      *              icmptype 0

SIP should not be allowed unless you happened to be using something that fell under:

2078  293K ACCEPT     all  --  *      *              state RELATED,ESTABLISHED

or was accepted by one of the other chains that you didn't post.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190402/3fa2d779/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5585 bytes
Desc: not available
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190402/3fa2d779/attachment-0001.p7s>

More information about the Spce-user mailing list