For some time now the installer has been missing what I describe as iptables essentials. I have also attached the file for convenience, but if you do just transfer it, remember to remove the .txt extension.
The rules have now been added back to the main installer, but for anyone with an existing recent install, i.e. one that has a file called /etc/iptables/rules.v4, you may want to replace it completely with the following:
Code:
# Generated by iptables-save v1.4.21 on Sun Jan 15 21:53:44 2017
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [71:9061]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm
-A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "sipcli/" --algo bm
-A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm
-A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm
-A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "sipcli/" --algo bm
-A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm
-A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm
-A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "sipcli/" --algo bm
-A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm
-A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm
-A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "sipcli/" --algo bm
-A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5060:5061 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060:5061 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5080:5081 -j ACCEPT
-A INPUT -p udp -m udp --dport 5080:5081 -j ACCEPT
-A INPUT -p udp -m udp --dport 16384:32768 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
# Completed on Sun Jan 15 21:53:44 2017
Once you have replaced this file do the following to activate:
Code:
iptables-restore < /etc/iptables/rules.v4
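
The rule set above only works because the string-match DROP rules sit before the ACCEPT rules for the same SIP ports: iptables stops at the first matching rule. The following is an added example, not part of the original post, that lints a rules.v4 file for that ordering; the function names and the abbreviated sample are constructed, and it assumes ACCEPT rules match only on protocol and port, as they do in the post.

```python
import shlex

# Constructed sample: an abbreviated rules.v4 in the same order as the post.
SAMPLE = '''*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm
-A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "sipcli/" --algo bm
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060:5061 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5080:5081 -j ACCEPT
COMMIT
'''

# Constructed bad ordering: the same rules with every ACCEPT moved ahead of the DROPs.
_lines = SAMPLE.splitlines()
BAD = "\n".join(_lines[:2] + sorted(_lines[2:-1], key=lambda l: "-j DROP" in l) + _lines[-1:])

def parse_input_rules(text):
    """Return (lineno, proto, (lo, hi), target, string) for each INPUT rule with --dport."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)  # handles the quoted --string values
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if "--dport" not in opt:
            continue
        lo, _, hi = opt["--dport"].partition(":")
        ports = (int(lo), int(hi or lo))
        rules.append((lineno, opt.get("-p"), ports, opt.get("-j"), opt.get("--string")))
    return rules

def shadowed_drops(text):
    """String-match DROP rules made unreachable by an earlier ACCEPT on the same proto/ports."""
    accepts, shadowed = [], []
    for lineno, proto, (lo, hi), target, string in parse_input_rules(text):
        if target == "ACCEPT" and string is None:
            accepts.append((proto, lo, hi))
        elif target == "DROP" and string is not None:
            if any(p == proto and a <= lo and hi <= b for p, a, b in accepts):
                shadowed.append((lineno, proto, string))
    return shadowed

if __name__ == "__main__":
    print("post ordering:", shadowed_drops(SAMPLE))
    print("ACCEPT-first ordering:", shadowed_drops(BAD))
```

To check a live file, pass the contents of /etc/iptables/rules.v4 to `shadowed_drops`; an empty list means no scanner DROP rule is shadowed.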