Change default sip port from 5060 to something else for example 11333.
|
1 2 |
cd /etc/asterisk nano sip_general_custom.conf |
add the following to the file:
|
1 |
bindport=5060 |
(Change 5060 to your new port).
|
1 2 |
amportal stop amportal start |
Don’t forget to add the new port into Fail2Ban.
|
1 2 |
cd /etc/fail2ban nano jail.local |
Define the new port on firewall
Disable unused rules and add a one with the new port
Reduce failed attempts
Set “alwaysauthreject=yes” in your sip configuration file in order to prevent Asterisk from telling a sip scanner which extensions are valid by rejecting authentication requests on existing usernames with the same rejection details as with nonexistent usernames. Set Allow Sip Guests to no.
Disable ## and *2
Remove Ttr and Tt
Finally check your ports:
