0 like 0 dislike
72 views
asked Jun 19 in Education & Reference by Neha (650 points) | 72 views
    

1 Answer

0 like 0 dislike

yum update
sed -i 's/(^SELINUX=)./\SELINUX=disabled/' /etc/sysconfig/selinux
sed -i 's/(^SELINUX=).
/\SELINUX=disabled/' /etc/selinux/config
sestatus
reboot
sestatus
sudo yum install httpd
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload
sudo systemctl enable httpd.service
sudo systemctl start httpd.service

Check for current firewall rules:

sudo iptables -L

#Create /etc/iptables.firewall.rules using your preferred text editor. This file will be used to activate the firewall with the desired rules.

*filter

Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0

-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

Accept all established inbound connections

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Allow all outbound traffic - you can modify this to only allow certain traffic

-A OUTPUT -j ACCEPT

Allow SSH connections

#

The -dport number should be the same port number you set in sshd_config, ie 8050

#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

SIP on UDP port 5060, 5061 for secure signaling. Used for signals such as "hang up"

-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 5061 -j ACCEPT

IAX2- the IAX protocol - comment out if you don't plan to use IAX

-A INPUT -p udp -m udp --dport 4569 -j ACCEPT

IAX - old IAX protocol, uncomment if needed for legacy systems.

-A INPUT -p udp -m udp --dport 5036 -j ACCEPT

RTP - the media stream - you can change this in /etc/asterisk/rtp.conf

-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

MGCP - if you use media gateway control protocol in your configuration

-A INPUT -p udp -m udp --dport 2727 -j ACCEPT

Uncomment these lines if you plan to use FreePBX to manage Asterisk

-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

Allow ping

-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

Log iptables denied calls

-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Drop all other inbound - default deny unless explicitly allowed policy

-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

Start Firewall at BootPermalink

Install iptables-services, then enable and start it:

sudo yum install iptables-services
sudo systemctl enable iptables
sudo systemctl start iptables

Load the firewall rules:

sudo iptables-restore < /etc/iptables.firewall.rules

Recheck the Linode’s firewall rules:

sudo iptables -L

Save this ruleset:

/usr/libexec/iptables/iptables.init save

Installing DependenciesPermalink

yum install -y epel-release dmidecode gcc-c++ ncurses-devel libxml2-devel make wget openssl-devel newt-devel kernel-devel sqlite-devel libuuid-devel gtk2-devel jansson-devel binutils-devel

Install Asterisk 15

cd ..
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-15-current.tar.gz
tar -zxvf asterisk-15-current.tar.gz
mv asterisk-15.4.1 asterisk
cd asterisk

Enable MP3 Support

To use MP3 files for Music on Hold, some dependencies will need to be installed.

sudo yum install svn
contrib/scripts/getmp3source.sh
contrib/scripts/install_prereq install
./configure --with-pjproject-bundled --with-crypto --with-ssl=ssl --with-srtp
make menuselect
make
make install
make samples
make config
ldconfig
adduser --system --group --home /var/lib/asterisk --no-create-home --gecos "Asterisk PBX" asterisk
usermod -a -G dialout,audio asterisk
sudo service asterisk start
asterisk -rvv
core show help
exit

mv extensions.conf extensions.sample
mv sip.conf sip.sample
mv pjsip.conf pjsip.sample

#extensions.conf

[public]
exten = 100,1,Goto(hello-world,s,1)
[default]
[hello-world]
exten = s,1,Answer()
same = n,Wait(1)
same = n,Playback(hello-world)

same = n,Hangup()

#pjsip.conf

[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0
[6001]
type=endpoint
context=public
disallow=all
allow=ulaw
auth=6001
aors=6001
[6001]
type=auth
auth_type=userpass
password=password
username=6001
[6001]
type=aor

max_contacts=1

asterisk -rx "core restart now"
asterisk -rvvvvv

answered Jun 19 by Sam (1,370 points)

Related questions

1 like 0 dislike
1 answer
1 like 0 dislike
2 answers
1 like 0 dislike
1 answer
asked Oct 23 in Education & Reference by Sam (1,370 points) | 14 views
1 like 0 dislike
2 answers
0 like 0 dislike
1 answer

Where your donation goes
Technology: We will utilize your donation for development, server maintenance and bandwidth management, etc for our site.

Employee and Projects: We have only 15 employees. They are involved in a wide sort of project works. Your valuable donation will definitely boost their work efficiency.

How can I earn points?
Awarded a Best Answer 10 points
Answer questions 10 points
Asking Question -20 points

Mathe Forum Schule und Studenten
1,171 questions
1,311 answers
276 comments
1,602 users