^Idx Method SIP From SIP To Msgs Source Destination Call State
[ ] 1 NOTIFY 101@ip.astera ip.astera 10 ip.tel.office:5060 ip.astera:5060
[ ] 2 SUBSCRIBE 101@ip.astera 101@ip.astera 2 ip.tel.office:5060 ip.astera:5060
[ ] 3 OPTIONS 0783864@ip.astera 81.222.103.9 2 ip.astera:5060 81.222.103.9:5060
[ ] 4 OPTIONS asterisk@ip.astera 102@192.168.1.118:5060 2 ip.astera:5060 ip.tel.office:1026
[ ] 5 REGISTER 4520@ip.astera 4520@ip.astera 1 185.108.106.250:64513 ip.astera:5060
[ ] 6 OPTIONS asterisk@ip.astera 103@192.168.1.118:5060 2 ip.astera:5060 ip.tel.office:1026
[ ] 7 OPTIONS asterisk@ip.astera 101@192.168.1.124:5060 2 ip.astera:5060 ip.tel.office:5060
[ ] 8 REGISTER 102@ip.astera 102@ip.astera 4 ip.tel.office:1026 ip.astera:5060
[ ] 9 OPTIONS asterisk@ip.astera 102@192.168.1.118:5060 2 ip.astera:5060 ip.tel.office:1026
[ ] 10 REGISTER 103@ip.astera 103@ip.astera 4 ip.tel.office:1026 ip.astera:5060
[ ] 11 OPTIONS asterisk@ip.astera 103@192.168.1.118:5060 2 ip.astera:5060 ip.tel.office:1026
[ ] 12 REGISTER 2772@ip.astera 2772@ip.astera 1 185.108.106.250:60400 ip.astera:5060
[ ] 13 SUBSCRIBE 101@ip.astera 101@ip.astera 2 ip.tel.office:5060 ip.astera:5060
[ ] 14 OPTIONS asterisk@ip.astera 195.34.37.35 2 ip.astera:5060 195.34.37.35:5060
[ ] 15 REGISTER 1156@ip.astera 1156@ip.astera 1 185.108.106.250:56270 ip.astera:5060
[ ] 16 INVITE 14001@ip.astera 900441902933818@51.38.131 1 167.114.17.187:57894 ip.astera:5060 CALL SETUP
Chain INPUT (policy DROP 226 packets, 18643 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 599 39932 ACCEPT all -- * * 178.45.0.0/16 0.0.0.0/0 /* home */
3 5 2962 ACCEPT all -- * * 81.22.1.1 0.0.0.0/0 /* office */
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 555 packets, 123K bytes)
num pkts bytes target prot opt in out source destination
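#!/bin/sh
# Reset the IPv4 packet filter and rebuild a source-address allow-list.
# Result: INPUT and FORWARD default to DROP, OUTPUT defaults to ACCEPT.
#
# Caveats for whoever runs this:
#  - Only iptables (IPv4) is touched; ip6tables keeps whatever rules it had.
#  - Flushing removes chains created by other tools as well (fail2ban, for
#    example, keeps its bans in f2b-* chains); restart such services afterwards
#    so they re-create their rules.
#  - The rules live in the kernel only; saving them for the next boot is a
#    separate step this script does not perform.

# Flush all rules, then delete all user-defined chains, table by table.
# (A bare "iptables -F" / "iptables -X" acts on the filter table, so the
# filter pass below already covers it.)
for table in filter nat mangle; do
    iptables -t "$table" -F
    iptables -t "$table" -X
done

# Allow the loopback interface.
iptables -A INPUT -i lo -j ACCEPT

# Accept replies to connections the server itself opened. OUTPUT is ACCEPT,
# but without this rule the answers (DNS, package mirrors, responses from a
# SIP provider) would hit the INPUT DROP policy.
# Unsolicited inbound calls from a provider are NEW traffic, not replies:
# allow-list the provider's address explicitly rather than opening 5060/udp
# to every source.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow the addresses that are permitted to reach the server.
# NOTE(review): a /16 is 65,536 addresses - presumably a whole provider pool
# because the home address is dynamic; narrow it if a static address exists.
iptables -A INPUT -s 178.45.0.0/16 -j ACCEPT -m comment --comment "home"
iptables -A INPUT -s 81.22.1.1 -j ACCEPT -m comment --comment "office"

# Default policies go last, after the allow rules are in place:
# drop everything inbound and forwarded, allow everything the server sends.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT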
Chain PREROUTING (policy ACCEPT 250 packets, 21675 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 64 packets, 14870 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 31 packets, 2283 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 31 packets, 2283 bytes)
pkts bytes target prot opt in out source destination
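# Source-address allow-list with default-deny on INPUT and FORWARD.
# All ACCEPT rules are added before the policies are switched to DROP, so a
# remote session from an allowed address is not cut off between commands.

# Loopback must stay reachable once INPUT defaults to DROP, otherwise
# local services that talk over 127.0.0.1 stop working.
iptables -A INPUT -i lo -j ACCEPT

# Replies to connections the server opened itself (OUTPUT is ACCEPT).
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# NOTE(review): a /16 allows 65,536 source addresses; narrow it if possible.
iptables -A INPUT -s 178.45.0.0/16 -j ACCEPT -m comment --comment "ip doma"

# NOTE(review): with no prefix length iptables matches this as a single host
# (/32). Confirm that x.x.0.0 really is the office address and not a network
# that was meant to carry a mask.
iptables -A INPUT -s 81.22.0.0 -j ACCEPT -m comment --comment "ip_tel_office"

# Default policies last.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT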
Chain INPUT (policy DROP 127 packets, 5313 bytes)
pkts bytes target prot opt in out source destination
7106 388K ACCEPT all -- * * 178.45.0.0/16 0.0.0.0/0 /* my lan */
6 1662 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
707 112K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
277 9004 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
37 2220 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
71 31826 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060
19 711 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:40000
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 143 packets, 26824 bytes)
pkts bytes target prot opt in out source destination
26961 5052K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet ip_astera/32 brd ip_astera scope global noprefixroute dynamic eth0
valid_lft 85460sec preferred_lft 85460sec
valid_lft forever preferred_lft forever
Chain INPUT (policy DROP 2 packets, 438 bytes)
num pkts bytes target prot opt in out source destination
1 28 2380 ACCEPT all -- * * my.ip 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 6 packets, 1416 bytes)
num pkts bytes target prot opt in out source destination
1 17 1872 ACCEPT all -- * * 0.0.0.0/0 my.ip
Chain f2b-sshd (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * 61.177.172.159 0.0.0.0/0 reject-with icmp-port-unreachable
2 0 0 REJECT all -- * * 61.177.172.142 0.0.0.0/0 reject-with icmp-port-unreachable
3 0 0 REJECT all -- * * 222.186.52.39 0.0.0.0/0 reject-with icmp-port-unreachable
4 9 540 REJECT all -- * * 222.186.30.59 0.0.0.0/0 reject-with icmp-port-unreachable
5 0 0 REJECT all -- * * 222.186.30.112 0.0.0.0/0 reject-with icmp-port-unreachable
6 0 0 REJECT all -- * * 222.186.180.6 0.0.0.0/0 reject-with icmp-port-unreachable
7 0 0 REJECT all -- * * 222.186.175.216 0.0.0.0/0 reject-with icmp-port-unreachable
8 0 0 REJECT all -- * * 222.186.175.154 0.0.0.0/0 reject-with icmp-port-unreachable
9 0 0 REJECT all -- * * 218.92.0.248 0.0.0.0/0 reject-with icmp-port-unreachable
10 123 16314 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0