DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Block all traffic apart from one IP [Firewall Rules]

07 Nov 2015 01:47 #1 by smurf786
Hi, I am setting up firewall rules for SIP to block traffic from any IP other than my SIP provider's IP, but it seems I am still getting traffic from other WAN IPs. Can someone check that I have set up the rules correctly please? I am getting a lot of phantom ghost calls.
[screenshot of the firewall rule setup]

And

[second screenshot of the firewall rule setup]

07 Nov 2015 15:33 #2 by voodle
Is that to a SIP phone behind the router or the router's own VoIP ports? Because the firewall doesn't affect the router's internal VoIP ports, you'd need to use the call barring stuff to do that.

08 Nov 2015 20:30 #3 by chrisw
I'm assuming you are using an external SIP device? If so, I do the blocking the other way round:
First rule is set to 'pass immediately' any incoming traffic from my chosen VoIP provider source IP with the (internal) destination IP of my PBX and UDP port 5060.
Second rule is set to 'block immediately' any source IP to any destination IP with UDP port 5060.

UDP port 5060 is the troublesome one, so all wanted traffic is passed by the first rule and everything else is blocked by the second.
On an average day there must be about 10~20 random probes to port 5060 which get blocked (and logged by syslog).

09 Nov 2015 12:21 #4 by smurf786
Thanks guys for your help. I have set it up as you suggested, ChrisW.

Just to test the firewall rule, I set my SIP provider IP to 'block immediately', but I can still make/receive calls, so it seems the firewall rules are not working?

Firewall is enabled in General Setup as well.

What could be causing the rule not to block?

I have restarted the router and PBX to no avail.

09 Nov 2015 12:52 #5 by chrisw
Not sure... I think it may be the case that if you have outgoing port 5060 traffic (e.g. SIP registration requests) then these may have punched a hole through the firewall so that return traffic from the same IP follows the NAT path rather than hitting the firewall. Are you logging any other port 5060 probes that are being blocked (you may have to wait 24 hours or so...)? In any case can you post pics of your rules again so we can review?
Chris

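To make the two points in #3 and #5 concrete, here is a small first-match filter model written for this thread. It is a constructed example, not DrayTek firmware or any DrayTek API, and it makes assumptions the page does not confirm: rules are evaluated top to bottom with the first match winning, a 'pass immediately' rule stops evaluation, and (behind the `stateful` switch) replies to an outbound SIP REGISTER are matched by a NAT/session table before the filter rules ever see them, which is the guess in #5, not documented router behaviour. The provider and probe addresses are RFC 5737 documentation addresses chosen for the example; the PBX address is made up. It also assumes the rules are in the filter set the router actually applies to inbound data.

```python
"""Toy first-match filter modelling the two rules described in this thread.

Constructed example for illustration, not DrayTek firmware or a DrayTek API:
 - rule 1: pass  UDP  <provider IP> -> <PBX IP>:5060
 - rule 2: block UDP  any           -> any:5060
The `stateful` switch models the suspicion in #5 that replies to an
outbound SIP REGISTER follow the NAT/session path and never reach the rules.
Addresses are RFC 5737 documentation addresses chosen for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

PROVIDER_IP = "203.0.113.10"   # assumed SIP provider address
PBX_IP = "192.168.1.20"        # assumed internal PBX address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    sport: int = 5060


@dataclass
class Rule:
    name: str
    action: str                  # "pass" or "block"
    src: str = "0.0.0.0/0"       # any source
    dst: str = "0.0.0.0/0"       # any destination
    proto: str = "udp"
    dport: Optional[int] = None  # None means any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and p.proto == self.proto
                and (self.dport is None or p.dport == self.dport))


class Firewall:
    def __init__(self, rules, stateful=False):
        self.rules = list(rules)
        self.stateful = stateful
        self.sessions = set()   # (local ip, local port, remote ip, remote port)
        self.log = []

    def outbound(self, p: Packet) -> str:
        """Outbound traffic is allowed; a stateful device remembers the session."""
        if self.stateful:
            self.sessions.add((p.src, p.sport, p.dst, p.dport))
        return "pass"

    def inbound(self, p: Packet) -> str:
        # Reply to a known session: modelled as bypassing the filter rules entirely.
        if self.stateful and (p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "pass (session)"
        # Otherwise the first matching rule wins, so rule order decides the outcome.
        for r in self.rules:
            if r.matches(p):
                self.log.append(f"{r.name}: {r.action} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
                return r.action
        return "pass (default)"   # nothing matched: default policy of the toy model


def chrisw_rules(provider_action="pass"):
    """Rules from #3. Pass 'block' to reproduce the test smurf786 describes in #4."""
    return [
        Rule("rule1 provider->PBX", provider_action,
             src=f"{PROVIDER_IP}/32", dst=f"{PBX_IP}/32", dport=5060),
        Rule("rule2 any->any:5060", "block", dport=5060),
    ]


def reversed_rules():
    """Same two rules, block rule first: shows why the pass rule must come first."""
    r = chrisw_rules()
    return [r[1], r[0]]


def scenario(rules, stateful, register_first=True):
    """PBX sends a REGISTER to the provider, then three kinds of inbound traffic arrive."""
    fw = Firewall(rules, stateful=stateful)
    if register_first:
        fw.outbound(Packet(PBX_IP, PROVIDER_IP, "udp", 5060))        # SIP REGISTER
    return {
        "provider_invite": fw.inbound(Packet(PROVIDER_IP, PBX_IP, "udp", 5060)),
        "random_probe": fw.inbound(Packet("198.51.100.77", PBX_IP, "udp", 5060)),
        "other_port": fw.inbound(Packet("198.51.100.77", PBX_IP, "udp", 5061)),
    }


if __name__ == "__main__":
    print("#3 rules, stateless:             ", scenario(chrisw_rules(), stateful=False))
    print("#4 test (rule1=block), stateless:", scenario(chrisw_rules("block"), stateful=False))
    print("#4 test (rule1=block), stateful: ", scenario(chrisw_rules("block"), stateful=True))
    print("block rule first, stateless:     ", scenario(reversed_rules(), stateful=False))
```

With the #3 ordering the provider's INVITE passes and the random probe is blocked. Flipping rule 1 to 'block' (the test in #4) blocks the provider in the stateless run, but in the stateful run the INVITE still arrives as "pass (session)", which is the effect #5 suspects: the test proves nothing about the rules if the reply rides an existing session. Putting the block rule first blocks the provider too, which is why the pass rule has to be above it. The `other_port` case is a reminder that rule 2 only covers UDP 5060; nothing here says anything about RTP or other ports.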
10 Nov 2015 11:08 #6 by voodle
The screenshots show filter set 1, which is the call filter; this isn't the same as the data filter. So possibly try putting the rules in filter set 2, or, under Firewall General Setup, switch the filter sets around that each one links to so that filter set 1 links to the data filter.
