Blocking geographic cities from accessing Asterisk using Secast

security asterisk pbx ids secast

I am using Secast for intrusion protection on my Asterisk PBX. It’s working great, and I now want to start blocking specific geographic regions. My system is getting hammered from Ramallah Palestine, and I want to block them. Is this right?

I have set (in the [geoip] section of secast.conf):

ruledefault=allow
ruleexceptions=::Ramallah:

A bit off topic, but consider how you are using your geofencing rules. Are your users really travelling the world?

If not, switch the default rule to deny, and the allow in only the country(ies)/continent(s) where your pbx users actually visit.

So for the example above, if you have valid users in other parts of Palestine but none in Ramallah, then don't deny all of palestine.

Related

Postfix -- auto blacklist senders who send to 'honeypot' email addresses [duplicate]
PHP file_get_contents error on CentOS
Using nftables to forward HTTP(s) traffic to VM guest without masquerade
Out of memory at 72% usage
RAID 10 Cluster Size for SQL Dynamics AX Database
Android: setSelection having no effect on Spinner
What makes a static variable initialize only once?
Is Maven ready for JDK9?
Rails: Could not find railties
std::to_string - more than instance of overloaded function matches the argument list
Represent space and tab in XML tag?
Javascript - No 'Access-Control-Allow-Origin' header is present on the requested resource