Limiting SIP/IAX connections to Asterisk with IPTables

WARNING: be very careful when editing IPTables firewall rules. It is relatively easy to completely disable access to your machine.

All Sysadminman VPSs come with IPTables enabled. However, to allow for VOIP traffic, both the SIP and IAX ports are opened.

If you know that your VOIP providers and all extensions are on fixed IP addresses, then it is possible to limit connections to just those addresses.
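
One way to apply that restriction, as an added example that is not from the original page: a shell function that prints the iptables commands for a list of trusted addresses so they can be reviewed before being run. The protocol default ports (UDP 5060 for SIP, UDP 4569 for IAX2), the chain name VOIP_PEERS and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: print iptables rules that restrict SIP and IAX2 to known peers.
# Assumptions: SIP on UDP 5060 and IAX2 on UDP 4569 (protocol defaults),
# a dedicated chain called VOIP_PEERS (hypothetical name).
SIP_PORT=5060
IAX_PORT=4569
CHAIN=VOIP_PEERS

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address with optional /0-32.
is_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (positional params are function-local)
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules ADDR...: print the commands; print nothing and fail on bad input,
# so a typo can never produce a half-built rule set.
gen_rules() {
    [ "$#" -gt 0 ] || { echo "no trusted addresses given" >&2; return 1; }
    for a in "$@"; do
        is_ipv4 "$a" || { echo "invalid address: $a" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for a in "$@"; do
        echo "iptables -A $CHAIN -s $a -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    # The jump is emitted last and inserted at position 1: the chain is complete
    # before traffic reaches it, and it takes precedence over any existing rule
    # that opens these ports to everyone. Only UDP 5060/4569 is diverted, so
    # SSH and other services are not affected.
    echo "iptables -I INPUT 1 -p udp -m multiport --dports $SIP_PORT,$IAX_PORT -j $CHAIN"
}

# Constructed sample peers (RFC 5737 documentation ranges): one provider
# address and one office subnet. Review the output, then pipe it to sh as root.
gen_rules 192.0.2.10 198.51.100.0/24
```
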

Asterisk upgrade breaks IAX extensions

If you have upgraded your version of Asterisk and find that your IAX2 extensions no longer work, the cause could be a change to the IAX protocol. The change was made to resolve a security issue that could result in a denial-of-service attack.

You will see this error in the Asterisk log file if you are affected by this issue –

chan_iax2.c: Call rejected, CallToken Support required.

If you use FreePBX then Asterisk can be made to function the same as before by adding the following 2 lines to /etc/asterisk/iax_general_custom.conf –

calltokenoptional =
maxcallnumbers = 16382

You will also need to run –

 iax2 reload

or restart Asterisk for the changes to take effect.

More information about the reason for this change and the implications for disabling call token checking can be found here –