Tag Archives: iptables

Allowing TFTP access on a SysAdminMan Trixbox server

By default, access to UDP port 69, which is used for TFTP, is blocked by iptables (the firewall) on SysAdminMan VPS servers. This port needs opening if you want to use Endpoint Manager to configure your compatible handsets.

When allowing TFTP access we only want to allow fixed IP addresses as there is no security provided by TFTP. You will probably also want to allow NTP (network time protocol) access to allow your Asterisk server to set the correct time on the phone, so we also open port 123.

Run the following commands while logged on as root, replacing YOUR_PUBLIC_IP with your own public IP address:

# iptables -I INPUT 1 -s YOUR_PUBLIC_IP -p udp --dport 69 -j ACCEPT

# iptables -I INPUT 1 -s YOUR_PUBLIC_IP -p udp --dport 123 -j ACCEPT

# service iptables save

Saving firewall rules to /etc/sysconfig/iptables:          [  OK  ]
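Because TFTP provides no security of its own, it is worth confirming that the saved rules only accept it from fixed addresses. The script below is an added example, not part of the original post: it scans rules in iptables-save format and reports any INPUT rule that accepts UDP 69 or 123 from any source. The function names and the 192.0.2.10 sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag ACCEPT rules that open UDP 69 (TFTP) or UDP 123 (NTP)
# without restricting the source address.
# Limitation: multiport matches and port ranges are not parsed.

# Constructed sample in /etc/sysconfig/iptables format; 192.0.2.10 is a
# documentation address standing in for your fixed public IP.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save format on stdin and prints each unrestricted rule.
find_open_udp_rules() {
  awk '
    $1 == "-A" && $2 == "INPUT" {
      src = ""; proto = ""; dport = ""; target = ""
      for (i = 3; i < NF; i++) {
        # A negated source ("! -s addr") admits almost everyone: treat as open.
        if ($i == "-s" || $i == "--source")
          src = ($(i - 1) == "!") ? "" : $(i + 1)
        if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (proto == "udp" && target == "ACCEPT" &&
          (dport == "69" || dport == "123") &&
          (src == "" || src == "0.0.0.0/0"))
        print "OPEN udp/" dport ": " $0
    }'
}

# Demo on the constructed sample. On a live server (as root), use instead:
#   find_open_udp_rules < /etc/sysconfig/iptables
sample_rules | find_open_udp_rules
```

No output from the check means every TFTP and NTP accept rule it found is tied to a specific source address.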

Limiting SIP/IAX connections to Asterisk with IPTables

WARNING: be very careful when editing IPTables firewall rules. It is relatively easy to completely disable access to your machine.

All Sysadminman VPSs come with IPTables enabled. However, to allow for VOIP traffic, both SIP and IAX ports are opened.

If you know that your VOIP providers and all extensions are on fixed IP addresses, then it is possible to limit connections to just those addresses.


iptables for Asterisk and FreePBX

If you’ve installed Asterisk and FreePBX, or you’re using one of the preconfigured distributions such as Trixbox or Elastix, it is a good idea to have the Linux firewall, iptables, running on your system. Here’s an example of how you could set this up.

The first thing to note is that it’s pretty easy to lock yourself out of your server when playing around with iptables! It’s best to take a couple of simple precautions in case this happens.

These instructions should apply to CentOS/Redhat/Fedora.


iptables for asterisk

If you’re running Asterisk on a VPS or a dedicated server then setting up your iptables firewall can be tricky.

I thought I’d post my firewall script to help get you started. I save this script as /usr/local/bin/firewall.sh and then add a line to run it from /etc/rc.local.

It allows SSH’ing to the machine plus rules required for SIP connections (you will need other rules if you use IAX) plus some basic “bad stuff” filtering.

I’ve commented it so, hopefully, you’ll be able to figure out any changes you need.
