When you run the GNU Gatekeeper, you can block spam calls from the well known bots ("MERA RU", "SimpleOPAL" etc.) eg. using a small LUA script in your config.

But that alone doesn't stop the load on the server, because often these bots keep on making calls.

Fail2ban to the rescue!

With this filter definition in /etc/fail2ban/filter.d/gnugk.conf you can check fro rejected calls:

[Definition]
failregex = Dropping call CRV=[0-9]+ from <HOST>:[0-9]+ due to Setup authentication failure
ignoreregex =


And then you can add this jail definition to /etc/fail2ban/jail.local to block the IP:

[gnugk]
enabled  = true
logpath  = /var/log/gnugk.log
filter   = gnugk
bantime  = 6000
maxretry = 2
action   = iptables[name=GnuGk, port=1720, protocol=tcp]


Voila!

Many networks are migrating from IPv4 to IPv6. What can you do if still have H.323 endpoints that only support IPv4 ?

The GNU Gatekeeper can translate IPv4 into IPv6 calls and vice versa.
You can use one GnuGk to IPv6 enable all of your existing IPv4 endpoints.

All you have to do is enable IPv6 in your configuration and GnuGk will automatically
detect the connection type of your endpoints and convert the call.

All it takes is one switch in your config:

[Gatekeeper::Main]
EnableIPv6=1 

HSTP-NFWT - Requirements for Network Address Translator and Firewall Traversal of H.323 Multimedia Systems

HSTP-FNTP - Firewall and NAT Traversal Problems in H.323 Systems

HSTP-H.510M - Usage of the H.510 protocol for the support of H.323 based Multimedia Services within GPRS/IMT2000 networks