yum update
sed -i 's/(^SELINUX=)./\SELINUX=disabled/' /etc/sysconfig/selinux
sed -i 's/(^SELINUX=)./\SELINUX=disabled/' /etc/selinux/config
sestatus
reboot
sestatus
sudo yum install httpd
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload
sudo systemctl enable httpd.service
sudo systemctl start httpd.service
Check for current firewall rules:
sudo iptables -L
Create /etc/iptables.firewall.rules using your preferred text editor. This file will be used to activate the firewall with the desired rules.
*filter
Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT
Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
Allow SSH connections
The -dport number should be the same port number you set in sshd_config, ie 8050
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
SIP on UDP port 5060, 5061 for secure signaling. Used for signals such as "hang up"
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 5061 -j ACCEPT
IAX2- the IAX protocol - comment out if you don't plan to use IAX
-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
IAX - old IAX protocol, uncomment if needed for legacy systems.
-A INPUT -p udp -m udp --dport 5036 -j ACCEPT
RTP - the media stream - you can change this in /etc/asterisk/rtp.conf
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
MGCP - if you use media gateway control protocol in your configuration
-A INPUT -p udp -m udp --dport 2727 -j ACCEPT
Uncomment these lines if you plan to use FreePBX to manage Asterisk
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
Allow ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
Start Firewall at BootPermalink
Install iptables-services, then enable and start it:
sudo yum install iptables-services
sudo systemctl enable iptables
sudo systemctl start iptables
Load the firewall rules:
sudo iptables-restore < /etc/iptables.firewall.rules
Recheck the Linode’s firewall rules:
sudo iptables -L
Save this ruleset:
/usr/libexec/iptables/iptables.init save
Installing DependenciesPermalink
yum install -y epel-release dmidecode gcc-c++ ncurses-devel libxml2-devel make wget openssl-devel newt-devel kernel-devel sqlite-devel libuuid-devel gtk2-devel jansson-devel binutils-devel
Install Asterisk 15
cd ..
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-15-current.tar.gz
tar -zxvf asterisk-15-current.tar.gz
mv asterisk-15.4.1 asterisk
cd asterisk
Enable MP3 Support
To use MP3 files for Music on Hold, some dependencies will need to be installed.
sudo yum install svn
contrib/scripts/get_mp3_source.sh
contrib/scripts/install_prereq install
./configure --with-pjproject-bundled --with-crypto --with-ssl=ssl --with-srtp
make menuselect
make
make install
make samples
make config
ldconfig
adduser --system --group --home /var/lib/asterisk --no-create-home --gecos "Asterisk PBX" asterisk
usermod -a -G dialout,audio asterisk
sudo service asterisk start
asterisk -rvv
core show help
exit
mv extensions.conf extensions.sample
mv sip.conf sip.sample
mv pjsip.conf pjsip.sample
extensions.conf
[public]
exten = 100,1,Goto(hello-world,s,1)
[default]
[hello-world]
exten = s,1,Answer()
same = n,Wait(1)
same = n,Playback(hello-world)
same = n,Hangup()
pjsip.conf
[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0
[6001]
type=endpoint
context=public
disallow=all
allow=ulaw
auth=6001
aors=6001
[6001]
type=auth
auth_type=userpass
password=password
username=6001
[6001]
type=aor
max_contacts=1
asterisk -rx "core restart now"
asterisk -rvvvvv