Blocking geographic cities from accessing Asterisk using Secast
I am using Secast for intrusion protection on my Asterisk PBX. It’s working great, and I now want to start blocking specific geographic regions. My system is getting hammered from Ramallah Palestine, and I want to block them. Is this right?
I have set (in the [geoip] section of secast.conf):
ruledefault=allow
ruleexceptions=::Ramallah:
A bit off topic, but consider how you are using your geofencing rules. Are your users really travelling the world?
If not, switch the default rule to deny, and the allow in only the country(ies)/continent(s) where your pbx users actually visit.
So for the example above, if you have valid users in other parts of Palestine but none in Ramallah, then don't deny all of palestine.