Topic: Firewall rule with sail

[portedaix]

Hello,

My sip provider is ovh, france. I have this line "chan_sip.c:7289 determine_firstline_parts: Bad request protocol Packet" coming up in asterisk cli. I saw at least another adsl box sip line provider creating this message (freephonie france). It seems to be harmless to asterisk, just a package which should be droped silently. But my log file is getting quite fat ! And cli reading is not nice. asterisk-1.6 did not display it. But it is not compatible with sail.

The only fix I found is to enter the rule
                'iptables -I INPUT -p udp --src 123.123.123.123 --dport 5060 -m string --algo bm --string "Cirpack KeepAlive" -j DROP Packet'
But with sme and its templates, I do not know how to fix it. Any idea not to see this message again ?

Thanks for any hint.
Olivier

[janet]

portedaix

Add your rule to a custom template for masq.
See
http://wiki.contribs.org/Template_Tutorial

[CharlieBrady]

The only fix I found is to enter the rule
                'iptables -I INPUT -p udp --src 123.123.123.123 --dport 5060 -m string --algo bm --string "Cirpack KeepAlive" -j DROP Packet'
But with sme and its templates, I do not know how to fix it.

I do not think SME includes the string match iptables module, so I don't think templates will be sufficient.

[CharlieBrady]

A patch is available for Asterix.

http://lists.digium.com/pipermail/asterisk-dev/2006-May/021033.html

If the only problem is that your log file is becoming large, then just add rules to rotate it more often. Or just ignore it if your disk is large enough.