Differences

This shows you the differences between two versions of the page.

--- configuration:security:block_authentication_scan [2019/05/06 16:47] – jgil
+++ configuration:security:block_authentication_scan [2019/06/19 10:51] – asilva
@@ Line 3: / Line 3: @@
 At the start you will need to create a new list:
-   * Networking → Traffic classes → Lists → Create new list called sip
+   * Networking → Traffic classes → Lists → Create new list called "blacklist"
-   * Then you have to block the IPs on the sip list, so:
+   * Then you have to block the IPs on this list, so:
    * Secutiry → Firewall → Add input:
    * x – Enabled
    * Type: Input
-   * Traffic: x – Custom; Networtk: x – Source Address x – Lists: sip
+   * Traffic: x – Custom; Networtk: x – Source Address x – Lists: blacklist
    * Action: Drop
 After that you will create a trigger rule:
    * Monitor → Trigger → Rules: Add
    * x - Enabled
-   * Name: Sip_ban
+   * Name: ban ip
    * Priority: First
    * Conditions: x – Custom; Variables: Variable text: Name: action Expresion: ^ban$
-   * Action: x – Custom; IP list : x – Add; ${network_ip}/32; List: sip
+   * Action: x – Custom; IP list : x – Add; ${network_ip}/32; List: blacklist
 The last thing you need to do is to activate Authentication ban:
    * Telephony → General → Authentication Ban:
@@ Line 27: / Line 29: @@
 Also you can create another trigger to unban the banned IPs:
    * x – Enabled
-   * Name: unban_sip
+   * Name: unban ip
    * Priority: First
    * Conditions: x – Custom; Variables: Variable text: Name: action Expresion: ^unban$
-   * Action: x – Custom; IP list : x – Add; ${network_ip}/32; List: sip
+   * Action: x – Custom; IP list : x – Remove; ${network_ip}/32; List: blacklist