DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
UDP Ports
- castigers99
- Topic Author
- Visitor
14 May 2015 16:32 #83412
by castigers99
UDP Ports was created by castigers99
can anyone tell me the best way to lock down 5060 UDP so that only one ip can use the service on a draytek 2830?
ive tried the firewall rules but they dont seem to block anything!
thanks in advance Gary
ive tried the firewall rules but they dont seem to block anything!
thanks in advance Gary
Please Log in or Create an account to join the conversation.
- chrisw
- Offline
- Junior Member
Less
More
- Posts: 75
- Thank you received: 0
15 May 2015 07:26 #83416
by chrisw
Replied by chrisw on topic Re: UDP Ports
Yes, far too many SIP scanners around...!
Obviously you need to know the IP or IP ranges(s) of your legitimate VoIP services, but then creating firewall filter set rules like:
1) Direction: WAN -> LAN | Source IP <your VoIP provider> | Destination IP <your internal IP of VoIP device> | Service type UDP port from 5060 to 5060 | Fragments Don't Care | Filter Pass Immediately
then
2) Direction: WAN -> LAN | Source IP any | Destination IP any | Service type UDP port from 5060 to 5060 | Fragments Don't Care | Filter Block Immediately
This assumes you have port forwarding set up so port 5060 traffic is routing to a specific internal IP/device <your internal IP of VoIP device>.
This works on my 2860 and 2 previous generations of Draytek devices! Some devices seem to need a reeboot before filter rules take effect.
Chris
Obviously you need to know the IP or IP ranges(s) of your legitimate VoIP services, but then creating firewall filter set rules like:
1) Direction: WAN -> LAN | Source IP <your VoIP provider> | Destination IP <your internal IP of VoIP device> | Service type UDP port from 5060 to 5060 | Fragments Don't Care | Filter Pass Immediately
then
2) Direction: WAN -> LAN | Source IP any | Destination IP any | Service type UDP port from 5060 to 5060 | Fragments Don't Care | Filter Block Immediately
This assumes you have port forwarding set up so port 5060 traffic is routing to a specific internal IP/device <your internal IP of VoIP device>.
This works on my 2860 and 2 previous generations of Draytek devices! Some devices seem to need a reeboot before filter rules take effect.
Chris
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek