WARNING: be very careful when editing IPTables firewall rules. It is relatively easy to completely disable access to your machine.
All Sysadminman VPSs come with IPTables enabled. However, to allow for VOIP traffic, both the SIP and IAX ports are opened.
If you know that your VOIP providers and all extensions are on fixed IP addresses, then it is possible to limit connections to just those addresses.
First let’s list all the VOIP traffic rules that are set up –
The extract above just shows the sip, sip-tls and iax2 rules.
Now let’s delete those rules. Warning! All SIP/IAX2 traffic will be blocked as soon as you run this! Note that your line numbers may be different. Make sure that you delete them in reverse number order or the numbers will change as you delete them.
Don’t delete this rule if you use SIP as it is what opens the high port numbers for the actual voice/media stream –
Now, let’s assume that our SIP provider is at 220.127.116.11 and our extensions are at 18.104.22.168. Let’s allow access from those addresses for SIP.
All lines are inserted at rule 10 and get shuffled up –
Let’s check that those rules look OK (again, only listed here are the VOIP traffic rules) –
Now test that everything is working as you expect. If it is, you can save the rules so that they are loaded next time you reboot –
If you make a mistake while editing the rules, just restart iptables to restore your old rules. Note that you can only do this before you save your new rules!
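A dry-run sketch of the delete-then-insert steps above, added here as an example and not taken from the original post: it reads a numbered rule listing, prints the delete commands in reverse line-number order for the SIP/IAX2 rules that are open to any source, and prints the inserts at rule 10. The `INPUT` chain, the numeric (`-n`) listing format, UDP port 5060 for SIP and the sample listing are assumptions; nothing is executed.

```shell
#!/bin/sh
# Dry run only: prints iptables commands for review, executes none of them.
CHAIN=INPUT   # assumption: the VOIP rules live in the INPUT chain

# Constructed sample of `iptables -L INPUT -n --line-numbers` output.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
num  target     prot opt source               destination
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
10   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:5060
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5060
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5061
13   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:4569
14   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:10000:20000
EOF
}

# Read a listing on stdin; print deletes for SIP (5060), SIP-TLS (5061) and
# IAX2 (4569) rules open to any source, highest rule number first so the
# remaining numbers do not shift. The media port range (dpts:) is left alone.
plan_deletes() {
  awk '$1 ~ /^[0-9]+$/ && $5 == "0.0.0.0/0" && / dpt:(5060|5061|4569)( |$)/ { print $1 }' |
    sort -rn |
    while read -r n; do echo "iptables -D $CHAIN $n"; done
}

# $1 = rule position, remaining args = fixed source IPs to allow for SIP.
plan_inserts() {
  pos=$1; shift
  for ip in "$@"; do
    case $ip in
      ''|*[!0-9.]*) echo "skipping non-IP source: $ip" >&2; continue ;;
    esac
    echo "iptables -I $CHAIN $pos -s $ip -p udp --dport 5060 -j ACCEPT"
  done
}

sample_listing | plan_deletes
plan_inserts 10 220.127.116.11 18.104.22.168
```

To plan against the live rule set, pipe `iptables -L INPUT -n --line-numbers` into `plan_deletes` in place of `sample_listing` and review the printed commands before running any of them.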