1234
返回列表 發帖
Qnewbie

Rank: 1
31# 跳轉到 »
發表於 2011-3-31 19:42 | 顯示全部帖子
I am using svn 437.

If there is not major improvement in security or functionality, I would stick with svn 437.

TOP

Qnewbie

Rank: 1
32#
發表於 2011-4-7 21:15 | 顯示全部帖子
Ckleea C-hing, which packages are included in your compilation of svn 437?

Planning to compile svn 437 with support of advance features for iptables.

TOP

Qnewbie

Rank: 1
33#
發表於 2011-4-7 21:44 | 顯示全部帖子
回復 568# ckleea


    The iptables is included in your compilation. However, the advanced features for iptables did not.
  1. vi package/iptables/config.iptables, and those two lines:
  2. CONFIG_NETFILTER_ADVANCED=y
  3. CONFIG_NETFILTER_XT_MATCH_LENGTH=y
複製代碼
http://switchfin.org/index.php?option=com_agora&task=topic&id=72&p=1&Itemid=54#p720

TOP

Qnewbie

Rank: 1
34#
發表於 2011-4-7 21:56 | 顯示全部帖子
Actually, I am trying to download and install the cross-compiling environment for svn 437.

Not sure to include everything in the firmware, but at least the iptables&n2n.

TOP

Qnewbie

Rank: 1
35#
發表於 2011-4-8 21:43 | 顯示全部帖子
Compile&flash svn437 with enhanced iptables. However, the web GUI reflashes every 5 seconds. It is impossible to use...

Flash back to good old svn 437 image again...

TOP

Qnewbie

Rank: 1
36#
發表於 2011-4-9 22:19 | 顯示全部帖子
Compile the latest svn 506, with iptables advanced feature support.

Looks great. The firmware works direct without unplug of power supply

Hope it would be stable as svn 437.

TOP

Qnewbie

Rank: 1
37#
發表於 2011-4-9 23:27 | 顯示全部帖子
Based on the information from bublestar&ckleea C-hings, it is recommended to use iptables to block ip addresses with following commands:
  1. iptables -I INPUT -m iprange --src-range 119.176.0.0-119.191.255.255 -j DROP
  2. iptables -I INPUT -m iprange --src-range 60.166.0.0-60.175.255.255 -j DROP
  3. iptables -I INPUT -m iprange --src-range 202.99.121.0-202.99.121.255 -j DROP
  4. iptables -I INPUT -m iprange --src-range 95.211.0.0-95.211.255.255 -j DROP
  5. iptables -I INPUT -m iprange --src-range 174.132.0.0-174.133.255.255 -j DROP
  6. iptables -I INPUT -m iprange --src-range 222.232.0.0-222.239.255.255 -j DROP
  7. iptables -I INPUT -m iprange --src-range 202.102.0.0-202.102.127.255 -j DROP
  8. iptables -I INPUT -m iprange --src-range 95.154.248.0-95.154.251.255 -j DROP
  9. iptables -I INPUT -m iprange --src-range 188.161.128.0-188.161.255.255 -j DROP
  10. iptables -I INPUT -s 79.114.199.69 -j DROP
  11. iptables -I INPUT -s 64.156.192.26 -j DROP
  12. iptables -I INPUT -s 202.129.0.9 -j DROP
  13. iptables -I INPUT -s 62.152.60.70 -j DROP
  14. iptables -I INPUT -s 82.220.3.13 -j DROP
複製代碼

TOP

Qnewbie

Rank: 1
38#
發表於 2011-4-10 16:25 | 顯示全部帖子
回復 587# bubblestar


    Yes, the update process is smooth than svn 437.

I don't know how many rules can be added. As Ckleea C-hing, said, hope it would add quite a lot(there are quite many space left for persisten). However, it requires more CPU power as the list grows.

TOP

Qnewbie

Rank: 1
39#
發表於 2011-4-10 17:10 | 顯示全部帖子
回復 591# ckleea


    I don't implement n2n to retain (reduce) the size of firmware(8.0 MB).

I can compile a newer one to include n2n & iptables and report the size latter.

TOP

Qnewbie

Rank: 1
40#
發表於 2011-4-10 17:31 | 顯示全部帖子
The size is 8.1 MB. packagelist.png

TOP

Qnewbie

Rank: 1
41#
發表於 2011-4-10 22:21 | 顯示全部帖子
The buttons for Outgoing Calling Rules don't work.

TOP

Qnewbie

Rank: 1
42#
發表於 2011-4-11 02:42 | 顯示全部帖子
Recompile with n2n & iptables with custom kernel setting, the buttons for Outgoing Calling Rules come back.

Currently, I don't apply the stability test as 亞星 does.

M could stand for many things, maintenance, modification, or why not McDonald's

TOP

Qnewbie

Rank: 1
43#
發表於 2011-4-27 17:48 | 顯示全部帖子
My 506M is instable as it restarts randomly.

Could it be the problem with compile environment? I am using Maverick Ubuntu(64-bit AMD cpu). Some programs like Eclipse's PHP editor fails to load.

TOP

Qnewbie

Rank: 1
44#
發表於 2011-5-18 17:16 | 顯示全部帖子
How to add patch to asterisk in switchfin?

Currently, I am trying to add bradyzhu C-hing's patch to ET263. The result is negative Does anyone apply patch successfully to switchfin?

I add the patch code to package/asterisk/asterisk-1.4.patch file before compilation:
  1. @@ -16896,10 +16896,10 @@
  2.                 /* RFC 3261 - 8.1.3.3 If more than one Via header field value is present in a reponse
  3.                  * the UAC SHOULD discard the message. This is not perfect, as it will not catch multiple
  4.                  * headers joined with a comma. Fixing that would pretty much involve writing a new parser */
  5. -                if (!ast_strlen_zero(__get_header(req, "via", &via_pos))) {
  6. -                        ast_log(LOG_WARNING, "Misrouted SIP response '%s' with Call-ID '%s', too many vias\n", e, callid);
  7. -                        return 0;
  8. -                }
  9. +//                if (!ast_strlen_zero(__get_header(req, "via", &via_pos))) {
  10. +//                        ast_log(LOG_WARNING, "Misrouted SIP response '%s' with Call-ID '%s', too many vias\n", e, callid);
  11. +//                        return 0;
  12. +//                }
  13.                 if (!p->initreq.headers) {
  14.                         if (option_debug)
  15.                                 ast_log(LOG_DEBUG, "That's odd...  Got a response on a call we don't know about. Cseq %d Cmd %s\n", seqno, cmd);
複製代碼

TOP

Qnewbie

Rank: 1
45#
發表於 2011-5-20 17:02 | 顯示全部帖子
回復 639# ckleea

I think it is patched.

The asterisk source code before compilation is located in build_ip01/asterisk-1.4.40

Unfortunately, this patch didn't fix the ET263 problem .

TOP

1234
返回列表