in Education & Reference by (1.1k points) | 340 views

1 Answer

0 like 0 dislike

yum update
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
sestatus
reboot
sestatus
sudo yum install httpd
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload
sudo systemctl enable httpd.service
sudo systemctl start httpd.service

Check for current firewall rules:

sudo iptables -L

Create /etc/iptables.firewall.rules using your preferred text editor. This file will be used to activate the firewall with the desired rules.


*filter

# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allow SSH connections
# The -dport number should be the same port number you set in sshd_config, i.e. 8050
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# SIP on UDP port 5060, 5061 for secure signaling. Used for signals such as "hang up"
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 5061 -j ACCEPT

# IAX2 - the IAX protocol - comment out if you don't plan to use IAX
-A INPUT -p udp -m udp --dport 4569 -j ACCEPT

# IAX - old IAX protocol, uncomment if needed for legacy systems.
-A INPUT -p udp -m udp --dport 5036 -j ACCEPT

# RTP - the media stream - you can change this in /etc/asterisk/rtp.conf
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

# MGCP - if you use media gateway control protocol in your configuration
-A INPUT -p udp -m udp --dport 2727 -j ACCEPT

# Uncomment these lines if you plan to use FreePBX to manage Asterisk
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

Start Firewall at Boot

Install iptables-services, then enable and start it:

sudo yum install iptables-services
sudo systemctl enable iptables
sudo systemctl start iptables

Load the firewall rules:

sudo iptables-restore < /etc/iptables.firewall.rules

Recheck the Linode’s firewall rules:

sudo iptables -L

Save this ruleset:

/usr/libexec/iptables/iptables.init save

Installing Dependencies

yum install -y epel-release dmidecode gcc-c++ ncurses-devel libxml2-devel make wget openssl-devel newt-devel kernel-devel sqlite-devel libuuid-devel gtk2-devel jansson-devel binutils-devel

Install Asterisk 15

cd ..
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-15-current.tar.gz
tar -zxvf asterisk-15-current.tar.gz
mv asterisk-15.4.1 asterisk
cd asterisk

Enable MP3 Support

To use MP3 files for Music on Hold, some dependencies will need to be installed.

sudo yum install svn
contrib/scripts/get_mp3_source.sh
contrib/scripts/install_prereq install
./configure --with-pjproject-bundled --with-crypto --with-ssl=ssl --with-srtp
make menuselect
make
make install
make samples
make config
ldconfig
useradd --system --user-group --home-dir /var/lib/asterisk --no-create-home --comment "Asterisk PBX" asterisk
usermod -a -G dialout,audio asterisk
sudo service asterisk start
asterisk -rvv
core show help
exit

mv extensions.conf extensions.sample
mv sip.conf sip.sample
mv pjsip.conf pjsip.sample

extensions.conf


[public]
exten = 100,1,Goto(hello-world,s,1)

[default]

[hello-world]
exten = s,1,Answer()
same = n,Wait(1)
same = n,Playback(hello-world)
same = n,Hangup()

pjsip.conf


[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0

[6001]
type=endpoint
context=public
disallow=all
allow=ulaw
auth=6001
aors=6001

[6001]
type=auth
auth_type=userpass
password=password
username=6001

[6001]
type=aor
max_contacts=1

asterisk -rx "core restart now"
asterisk -rvvvvv

by (1.6k points)
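
Added example, not part of the answer above and not an Asterisk tool: the pjsip.conf in the answer sets password=password for endpoint 6001 while the firewall rules accept SIP on UDP 5060 from any source, so this check flags weak userpass credentials in a pjsip.conf before the server is exposed. The helper names, the word list and the 12-character threshold are assumptions, and the sample sections are constructed.

```shell
#!/bin/sh
# Added example; audit_pjsip_auth and demo_pjsip_audit are hypothetical helpers,
# not Asterisk tools. Prints one finding per weak type=auth section; exit 1 if any.
audit_pjsip_auth() {
    awk '
    function check(   why) {
        if (type != "auth") return
        if (pass == "") why = "empty password"
        else if (pass == user) why = "password equals username"
        else if (tolower(pass) ~ /^(password|secret|changeme|asterisk)$/)
            why = "default-style password"
        else if (length(pass) < 12) why = "password shorter than 12 characters"
        else return
        printf "%s: %s\n", sect, why
        bad++
    }
    /^[ \t]*;/ { next }                      # comment line
    /^[ \t]*\[/ {                            # new section: judge the previous one
        check()
        sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        type = pass = user = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t\r]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == "type") type = val
        else if (key == "password") pass = val
        else if (key == "username") user = val
    }
    END { check(); exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the auth section from the answer plus two made-up ones.
demo_pjsip_audit() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '[6001]' 'type=endpoint' 'auth=6001' \
        '[6001]' 'type=auth' 'auth_type=userpass' 'password=password' 'username=6001' \
        '[6002]' 'type=auth' 'auth_type=userpass' 'password=6002' 'username=6002' \
        '[6003]' 'type=auth' 'password=tK4v-Qm9x-Zr2p-Lw7c' 'username=6003' > "$tmp"
    audit_pjsip_auth "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}
demo_pjsip_audit || true
```

Run it against a real file with `audit_pjsip_auth /etc/asterisk/pjsip.conf`; sections are judged one at a time, so the three separate [6001] blocks used in the answer are handled correctly.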
