
Enabling IP Tables

Enabling IP Tables is one of the many things that can be done to help secure your PBX. iptables is a Linux firewall that can be set up on any CentOS or RHEL (Red Hat Enterprise Linux) system. Through the use of iptables you can set up your phone system to only allow and/or block certain calls.

Configuration

To begin, check whether any other rules are present by entering iptables -L on the command line. Next, enter iptables -P INPUT ACCEPT. This sets the default policy of the INPUT chain to ACCEPT, so incoming traffic is still accepted while the old rules are being removed.
With the policy set to ACCEPT, flush out all old rules with the command iptables -F.
After flushing the old rules, delete any user-defined chains so that nothing is left over. This is done by entering the command iptables -X.

Now that iptables has been wiped and flushed, we will begin setting up our new rules.

To see more information on iptables, type man iptables on the command line. This will give you some insight into the options available in iptables.
The first thing you need to do is allow your internal IP Address, local host, and any other provider information so that you will not be blocking yourself, or the provider.
  1. If you are not logged in as root, run the commands with sudo. Enter sudo iptables -A INPUT -i lo -j ACCEPT. This command accepts traffic on the loopback interface, so the server can reach itself over localhost.
  2. Next, enter sudo iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT. This command allows DNS lookups by accepting the replies that come back from UDP port 53.
  3. Next, enter your internal IP address in the command sudo iptables -A INPUT -s (Internal IP Address/32) -j ACCEPT. This will whitelist your internal IP address.
  4. Next, enter sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP. This command drops the server's outgoing ping replies, so the server will see the pings but will not respond back. This is very good for troubleshooting.
  5. Next, enter sudo iptables -P INPUT DROP. This command sets the default INPUT policy to DROP, which drops everything else.
  6. Next, enter sudo iptables -L. This will list all entries currently on the device.
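
The steps above, collected into a single ruleset that iptables-restore commits in one operation, so there is no gap between the flush and the final DROP policy. This is an added example, not part of the original page. The check/apply arguments, the backup path and the FORWARD and OUTPUT policies are assumptions, and the ICMP rule is written as -p icmp with echo-reply, the form that gives the behaviour step 4 describes.

```shell
#!/bin/sh
# Added example: the tutorial's rules as one iptables-restore ruleset.

# valid_ipv4 ADDR: succeed only for four dot-separated octets, each 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_ruleset ADDR: print the ruleset for the internal address ADDR.
# A bad address (typo, CIDR suffix, stray characters) is refused so it can
# never turn into a malformed or over-broad whitelist rule.
build_ruleset() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    # The page only sets the INPUT policy; FORWARD and OUTPUT ACCEPT
    # (the kernel defaults) are assumed here.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
-A INPUT -s $1/32 -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-reply -j DROP
COMMIT
EOF
}

# Usage (as root): sh SCRIPT check ADDR   parse the ruleset without loading it
#                  sh SCRIPT apply ADDR   save the current rules, then load it
# /root/iptables.before is a hypothetical backup path; roll back with
#   iptables-restore < /root/iptables.before
case ${1:-} in
    check) rules=$(build_ruleset "$2") &&
           printf '%s\n' "$rules" | iptables-restore --test ;;
    apply) rules=$(build_ruleset "$2") &&
           iptables-save > /root/iptables.before &&
           printf '%s\n' "$rules" | iptables-restore ;;
esac
```

Run check first. If you administer the PBX over SSH from an address other than the one you whitelist, apply will cut that session off once the DROP policy is in place.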

Final Thoughts

This setup is a simplified version and can be made very complex by changing the order in which the rules are created.