DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Block all traffic apart from one IP [Firewall Rules]
07 Nov 2015 01:47 #1
by smurf786
Block all traffic apart from one IP [Firewall Rules] was created by smurf786
07 Nov 2015 15:33 #2
by voodle
Replied by voodle on topic Re: Block all traffic apart from one IP [Firewall Rules]
Is that to a SIP phone behind the router or the router's own VoIP ports? Because the firewall doesn't affect the router's internal VoIP ports, you'd need to use the call-barring stuff to do that.
08 Nov 2015 20:30 #3
by chrisw
Replied by chrisw on topic Re: Block all traffic apart from one IP [Firewall Rules]
I'm assuming you are using an external SIP device? If so, I do the blocking the other way round:
First rule is set to 'pass immediately' any incoming traffic from my chosen VoIP provider source IP with the (internal) destination IP of my PBX & UDP port 5060.
Second rule is set to 'block immediately' any source IP to any destination IP with UDP port 5060.
UDP port 5060 is the troublesome one, so all wanted traffic is passed by the first rule & everything else is blocked by the second.
On an average day there must be about 10~20 random probes to port 5060 which get blocked (& logged by syslog).
09 Nov 2015 12:21 #4
by smurf786
Replied by smurf786 on topic Re: Block all traffic apart from one IP [Firewall Rules]
Thanks guys for your help. I have set it up as you have suggested, ChrisW.
Just to test the firewall rule I set my SIP provider IP to block immediately, but I can still make/receive calls, so it seems the firewall rules are not working?
Firewall is Enabled in general setup as well.
What could be causing the rule not to block?
I have restarted the router and PBX to no avail.
09 Nov 2015 12:52 #5
by chrisw
Replied by chrisw on topic Re: Block all traffic apart from one IP [Firewall Rules]
Not sure... I think it may be the case that if you have outgoing port 5060 traffic (e.g. SIP registration requests) then these may have punched a hole through the firewall so that return traffic from the same IP follows the NAT path rather than hitting the firewall. Are you logging any other port 5060 probes that are being blocked (you may have to wait 24 hours or so...)? In any case can you post pics of your rules again so we can review?
Chris
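To make the behaviour discussed in replies #3 and #5 concrete, here is an added Python model (not DrayTek code, not posted by anyone in the thread) of first-match rule evaluation for the pass-then-block SIP rule pair, plus chrisw's hypothesis that an outbound registration creates a NAT flow whose return traffic is never checked against the filter. All addresses are constructed placeholders.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed placeholder addresses, not taken from the thread.
PROVIDER = ip_network("198.51.100.10/32")  # VoIP provider's SIP server
PBX = ip_network("192.168.1.50/32")        # internal PBX behind NAT
ANY = ip_network("0.0.0.0/0")
SIP = 5060

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    src: object                 # ip_network
    dst: object                 # ip_network
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in self.src and ip_address(pkt.dst) in self.dst
                and (self.dport is None or pkt.dport == self.dport))

# chrisw's ordering: the specific pass rule must come before the broad block rule.
SIP_RULES = [Rule("pass", PROVIDER, PBX, SIP), Rule("block", ANY, ANY, SIP)]

@dataclass
class Firewall:
    rules: list
    default: str = "pass"
    flows: set = field(default_factory=set)         # (remote, local, port) seen outbound
    blocked_log: list = field(default_factory=list)  # what syslog would record

    def outbound(self, pkt: Packet) -> None:
        # An outbound SIP registration records a flow; stateful NAT lets replies back in.
        self.flows.add((pkt.dst, pkt.src, pkt.dport))

    def inbound(self, pkt: Packet) -> str:
        if (pkt.src, pkt.dst, pkt.dport) in self.flows:
            return "pass (established flow, filter not consulted)"
        for rule in self.rules:   # first match wins
            if rule.matches(pkt):
                if rule.action == "block":
                    self.blocked_log.append(pkt)
                return rule.action
        return self.default

def demo() -> dict:
    fw = Firewall(SIP_RULES)
    results = {
        "probe": fw.inbound(Packet("203.0.113.7", "192.168.1.50", SIP)),
        "provider": fw.inbound(Packet("198.51.100.10", "192.168.1.50", SIP)),
        # Reversed order: the block-all rule swallows the provider too.
        "reversed": Firewall(list(reversed(SIP_RULES))).inbound(
            Packet("198.51.100.10", "192.168.1.50", SIP)),
    }
    # smurf786's test: flip the provider to block after the PBX has already registered.
    fw.rules = [Rule("block", PROVIDER, PBX, SIP), Rule("block", ANY, ANY, SIP)]
    fw.outbound(Packet("192.168.1.50", "198.51.100.10", SIP))
    results["after_registration"] = fw.inbound(Packet("198.51.100.10", "192.168.1.50", SIP))
    results["blocked_count"] = len(fw.blocked_log)
    return results
```

Running `demo()` shows the random probe blocked and logged, the provider passed, the reversed rule order blocking the provider, and the post-registration packet passing through the established flow without the filter ever seeing it.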
10 Nov 2015 11:08 #6
by voodle
Replied by voodle on topic Re: Block all traffic apart from one IP [Firewall Rules]
The screenshots show filter set 1, which is the call filter. This isn't the same as the data filter, so possibly try putting the rules in filter set 2, or, under firewall general setup, switch the filter sets around so that filter set 1 links to the data filter.