Flexisip firewall rules
Last modified by François Grisez on 2020/04/14 11:52
If the default iptables ruleset blocks SIP traffic, you need to allow it explicitly.
First, create a specific chain for Flexisip rules.
iptables -N flexisip-input-rules
# UDP/TCP on port 5060
iptables -A flexisip-input-rules -p udp -m udp --dport 5060 -j ACCEPT
iptables -A flexisip-input-rules -p tcp -m tcp --dport 5060 -j ACCEPT
# TLS on port 5061
iptables -A flexisip-input-rules -p tcp -m tcp --dport 5061 -j ACCEPT
# STUN on port 3478
iptables -A flexisip-input-rules -p udp -m udp --dport 3478 -j ACCEPT
# RTP (if media relay is enabled)
iptables -A flexisip-input-rules -p udp -m udp --dport 10000:20000 -j ACCEPT
Then hook the new chain into the INPUT chain, either by appending it at the end:
iptables -A INPUT -j flexisip-input-rules
or by inserting just before a given rule:
# insert before the fourth rule
iptables -I INPUT 4 -j flexisip-input-rules
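Whether to append or insert depends on where the existing ruleset rejects traffic: a jump appended after a catch-all REJECT or DROP rule is never reached. The script below is an added example, not part of the Flexisip documentation; it reads `iptables -S INPUT` output and prints the command that places the jump before the first catch-all rule. The function names and the sample ruleset are constructed, and it assumes the catch-all rule carries no match options.

```shell
#!/bin/sh
# Added example, not from the Flexisip wiki: choose where the jump to
# flexisip-input-rules must sit so it is evaluated before a catch-all rule.
CHAIN=flexisip-input-rules

# Read `iptables -S INPUT` output on stdin and print "<jump> <stop>": the
# 1-based positions of an existing jump to $CHAIN and of the first rule that
# drops or rejects everything (assumed to carry no match options); 0 = absent.
scan_input() {
    awk -v chain="$CHAIN" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            if (!jump && $3 == "-j" && $4 == chain) jump = n
            if (!stop && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) stop = n
        }
        END { print jump + 0, stop + 0 }'
}

# Print the command to run, or "ok" when the jump is already effective.
plan_hook() {
    set -- $(scan_input)
    jump=$1; stop=$2
    if [ "$jump" -gt 0 ] && { [ "$stop" -eq 0 ] || [ "$jump" -lt "$stop" ]; }; then
        echo ok
    elif [ "$jump" -gt 0 ]; then
        # The jump sits after the catch-all and never matches: move it up.
        echo "iptables -D INPUT $jump && iptables -I INPUT $stop -j $CHAIN"
    elif [ "$stop" -gt 0 ]; then
        echo "iptables -I INPUT $stop -j $CHAIN"
    else
        # No catch-all rule (the chain policy decides): appending is enough.
        echo "iptables -A INPUT -j $CHAIN"
    fi
}

# Constructed sample: a typical default ruleset ending in a catch-all REJECT.
sample_ruleset() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

sample_ruleset | plan_hook   # on a live host: iptables -S INPUT | plan_hook
```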