Chain INPUT (policy ACCEPT 339 packets, 27808 bytes)
pkts bytes target prot opt in out source destination
13 5871 f2b-asterisk-udp udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 5060,5061
0 0 f2b-asterisk-tcp tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 5060,5061
322 20348 f2b-sshd tcp -- * * 0.0.0.0/0
0 0 DROP all -- * * 185.108.0.0/16
0 0 DROP all -- * * 167.114.0.0/16 0.0.0.0/0
Chain f2b-asterisk-tcp (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 185.108.106.250 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain f2b-asterisk-udp (1 references)
pkts bytes target prot opt in out source destination
2 745 REJECT all -- * * 185.108.106.250 0.0.0.0/0 reject-with icmp-port-unreachable
11 5126 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
^Idx Method SIP From SIP To Msgs Source Destination
│ [ ] 14 REGISTER 9774@ip_astera 9774@ip_astera 1 185.108.106.250:56924 ip_astera:5060
│ [ ] 15 REGISTER 8226@ip_astera 8226@ip_astera 1 185.108.106.250:51935 ip_astera:5060
│ [ ] 16 SUBSCRIBE 101@ip_astera 101@ip_astera 2 ip_office:5060 ip_astera:5060
│ [ ] 17 INVITE 8401@ip_astera 000441902933818@51.38.131 12 167.114.17.187:51076 ip_astera:5060
Chain INPUT (policy ACCEPT 38 packets, 2336 bytes)
num pkts bytes target prot opt in out source destination
1 1298 586K f2b-asterisk-udp udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 5060,5061
2 0 0 f2b-asterisk-tcp tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 5060,5061
3 20119 1154K f2b-sshd tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
4 10 1706 DROP all -- * * 167.114.0.0/16 0.0.0.0/0
5 0 0 DROP all -- * * 185.108.0.0/16 0.0.0.0/0
6 10 5925 DROP all -- * * 81.222.0.0/16 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 34 packets, 4400 bytes)
num pkts bytes target prot opt in out source destination
Chain f2b-asterisk-tcp (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * 185.108.106.250 0.0.0.0/0 reject-with icmp-port-unreachable
2 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain f2b-asterisk-udp (1 references)
num pkts bytes target prot opt in out source destination
1 210 78145 REJECT all -- * * 185.108.106.250 0.0.0.0/0 reject-with icmp-port-unreachable
2 1088 508K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain f2b-sshd (1 references)
num pkts bytes target prot opt in out source destination
Chain f2b-sshd (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * 61.177.172.159 0.0.0.0/0 reject-with icmp-port-unreachable
2 0 0 REJECT all -- * * 61.177.172.142 0.0.0.0/0 reject-with icmp-port-unreachable
3 0 0 REJECT all -- * * 222.186.52.39 0.0.0.0/0 reject-with icmp-port-unreachable
4 9 540 REJECT all -- * * 222.186.30.59 0.0.0.0/0 reject-with icmp-port-unreachable
5 0 0 REJECT all -- * * 222.186.30.112 0.0.0.0/0 reject-with icmp-port-unreachable
6 0 0 REJECT all -- * * 222.186.180.6 0.0.0.0/0 reject-with icmp-port-unreachable
7 0 0 REJECT all -- * * 222.186.175.216 0.0.0.0/0 reject-with icmp-port-unreachable
8 0 0 REJECT all -- * * 222.186.175.154 0.0.0.0/0 reject-with icmp-port-unreachable
9 0 0 REJECT all -- * * 218.92.0.248 0.0.0.0/0 reject-with icmp-port-unreachable
10 123 16314 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy DROP 2 packets, 438 bytes)
num pkts bytes target prot opt in out source destination
1 28 2380 ACCEPT all -- * * my.ip 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 6 packets, 1416 bytes)
num pkts bytes target prot opt in out source destination
1 17 1872 ACCEPT all -- * * 0.0.0.0/0 my.ip
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 10000:40000 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -s 185.108.106.250 -j DROP
-A INPUT -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 10000:40000 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet ip_astera/32 brd ip_astera scope global noprefixroute dynamic eth0
valid_lft 85460sec preferred_lft 85460sec
valid_lft forever preferred_lft forever
Chain INPUT (policy DROP 127 packets, 5313 bytes)
pkts bytes target prot opt in out source destination
7106 388K ACCEPT all -- * * 178.45.0.0/16 0.0.0.0/0 /* my lan */
6 1662 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
707 112K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
277 9004 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
37 2220 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
71 31826 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060
19 711 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:40000
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 143 packets, 26824 bytes)
pkts bytes target prot opt in out source destination
26961 5052K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
iptables -A INPUT -s 178.45.0.0/16 -j ACCEPT -m comment --comment "ip doma"
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -s 81.22.0.0 -j ACCEPT -m comment --comment "ip_tel_office"
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 178.45.0.0/16 -j ACCEPT -m comment --comment "ip doma"
iptables -A INPUT -s 81.22.0.0 -j ACCEPT -m comment --comment "ip_tel_office"
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
Chain PREROUTING (policy ACCEPT 250 packets, 21675 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 64 packets, 14870 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 31 packets, 2283 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 31 packets, 2283 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy DROP 226 packets, 18643 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 599 39932 ACCEPT all -- * * 178.45.0.0/16 0.0.0.0/0 /* home */
3 5 2962 ACCEPT all -- * * 81.22.1.1 0.0.0.0/0 /* office */
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 555 packets, 123K bytes)
num pkts bytes target prot opt in out source destination
#!/bin/sh
# Example: flush and delete all existing rules and chains
iptables -t filter -F
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -t filter -X
iptables -t nat -X
iptables -t mangle -X
iptables -X
# Allow the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# Allow the addresses that are permitted access
iptables -A INPUT -s 178.45.0.0/16 -j ACCEPT -m comment --comment "home"
iptables -A INPUT -s 81.22.1.1 -j ACCEPT -m comment --comment "office"
# Deny all incoming and forwarded connections, allow all outgoing connections from the server
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
^Idx Method SIP From SIP To Msgs Source Destination Call State
[ ] 1 NOTIFY 101@ip.astera ip.astera 10 ip.tel.office:5060 ip.astera:5060
[ ] 2 SUBSCRIBE 101@ip.astera 101@ip.astera 2 ip.tel.office:5060 ip.astera:5060
[ ] 3 OPTIONS 0783864@ip.astera 81.222.103.9 2 ip.astera:5060 81.222.103.9:5060
[ ] 4 OPTIONS asterisk@ip.astera 102@192.168.1.118:5060 2 ip.astera:5060 ip.tel.office:1026
[ ] 5 REGISTER 4520@ip.astera 4520@ip.astera 1 185.108.106.250:64513 ip.astera:5060
[ ] 6 OPTIONS asterisk@ip.astera 103@192.168.1.118:5060 2 ip.astera:5060 ip.tel.office:1026
[ ] 7 OPTIONS asterisk@ip.astera 101@192.168.1.124:5060 2 ip.astera:5060 ip.tel.office:5060
[ ] 8 REGISTER 102@ip.astera 102@ip.astera 4 ip.tel.office:1026 ip.astera:5060
[ ] 9 OPTIONS asterisk@ip.astera 102@192.168.1.118:5060 2 ip.astera:5060 ip.tel.office:1026
[ ] 10 REGISTER 103@ip.astera 103@ip.astera 4 ip.tel.office:1026 ip.astera:5060
[ ] 11 OPTIONS asterisk@ip.astera 103@192.168.1.118:5060 2 ip.astera:5060 ip.tel.office:1026
[ ] 12 REGISTER 2772@ip.astera 2772@ip.astera 1 185.108.106.250:60400 ip.astera:5060
[ ] 13 SUBSCRIBE 101@ip.astera 101@ip.astera 2 ip.tel.office:5060 ip.astera:5060
[ ] 14 OPTIONS asterisk@ip.astera 195.34.37.35 2 ip.astera:5060 195.34.37.35:5060
[ ] 15 REGISTER 1156@ip.astera 1156@ip.astera 1 185.108.106.250:56270 ip.astera:5060
[ ] 16 INVITE 14001@ip.astera 900441902933818@51.38.131 1 167.114.17.187:57894 ip.astera:5060 CALL SETUP