[Spce-user] Possible Bug? - NGCP Firewall in mr6.5.3
Hohl Matthias
matthias.hohl at telematica.at
Tue Apr 2 11:33:03 EDT 2019
Hmm…
How can i check what is all under “RELATED, ESTABLISHED”..?
I use the eth1 interface just for my peering.
So I defined a extra socket with the eth1 IP address in the config.yml and set this for outbound socket in my peering settings and also use the rtp interface rtp_eth1_peering in the peering settings for rtp traffic.
Is this just a “related, established” case?
The peering itself is connected via ip authentication.
Von: Richard Fuchs <rfuchs at sipwise.com>
Gesendet: Dienstag, 2. April 2019 17:19
An: Hohl Matthias <matthias.hohl at telematica.at>; spce-user at lists.sipwise.com
Betreff: Re: AW: [Spce-user] Possible Bug? - NGCP Firewall in mr6.5.3
On 02/04/2019 11.04, Hohl Matthias wrote:
Hello,
this i have to add in the config.yml file unter security > firewall > rules4 right?
Funny thing… also if I have nothing there inside for my eth1 I can place calls and receive calls over this eth1… and also ping it etc… like there is everything accepted???
Ping is always allowed due to:
6 264 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 0
SIP should not be allowed unless you happened to be using something that fell under:
2078 293K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
or was accepted by one of the other chains that you didn't post.
Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190402/3fa2d779/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5585 bytes
Desc: not available
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190402/3fa2d779/attachment-0001.p7s>
More information about the Spce-user
mailing list