allow only certain iptable string User-Agent

charly78 · 02-03-2016, 11:50 PM

I have a Asterisk phone server and I get attacked every so often and I have all sorts of things that stop the attacks but recently am looking for a way to do with with User-Agent string and have all my external phones use a manipulated User agent and only allow user agents that are well what I allow..

I have no idea how to do this..

how do I drop all user agents

i know I could easily do
iptables -A INPUT -p udp --dport 5060 -m string --algo bm --string "User-Agent: cUStoM123TT" -j ACCEPT

but how do I start by dropping all unknown * User-Agent

how do I properly write this . Does anyone see any issues i would have with this?. would this work?

paul2015 · 02-04-2016, 01:12 AM

sorry I dont understan well what you have wrote but what if you set default policy to drop everything and allow what you want.

rknichols · 02-04-2016, 08:52 AM

Quote:

Originally Posted by charly78

I have a Asterisk phone server and I get attacked every so often and I have all sorts of things that stop the attacks but recently am looking for a way to do with with User-Agent string and have all my external phones use a manipulated User agent and only allow user agents that are well what I allow..

I have no idea how to do this..

how do I drop all user agents

i know I could easily do
iptables -A INPUT -p udp --dport 5060 -m string --algo bm --string "User-Agent: cUStoM123TT" -j ACCEPT

but how do I start by dropping all unknown * User-Agent

Simplistic solution: Immediately after that rule add one that reads

Code:

iptables -A INPUT -p udp --dport 5060 -j REJECT