DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Firewall not blocking (2850)

08 Dec 2013 20:33 #78447 by lesd
Firewall not blocking (2850) was created by lesd
I have a PBX behind the router and need to open some ports for use by a specific trunk provider.

I have set up the rules but it does not seem to work properly, so I would be grateful for some guidance.

I have opened UDP ports 5060 and 10000-20000 and forwarded them to the PBX but want to only allow traffic through if coming from any of five specific source IPs.

So in my Default Data Filter I have filter rule 2:

Source IP: Group 'Anveo' which I have set up as an IP group consisting of 5 IPs
Destination IP: Any
Service Type: 'SIP' which I set up as a Service Type Group consisting of two Service Type Objects:-
TCP/UDP; Source port: 1-65535; Dest Port 10000-20000
TCP/UDP; Source port: 1-65535; Dest Port 5060
Filter: Pass Immediately

Filter Rule 3 is then:

Source IP:Any
Destination IP: Any
Service Type: 'SIP' as per above
Filter: Block Immediately

Despite the above, probes to port 5060 (at least) are getting through to the PBX from unauthorised external IPs.

What have I missed?

Les


10 Dec 2013 11:11 #78453 by sicon
Replied by sicon on topic Re: Firewall not blocking (2850)
The firewall works logically top-down.
You need the Block rule at the top with action "Block unless further match".
Then put your pass rule under it.
It works, as we have Mitels etc. that need similar settings.

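As an added illustration (not code from the thread, from DrayTek, or from either poster), the following Python model runs the two rule orderings discussed above over a handful of constructed packets. The action semantics are the editor's reading of the four DrayTek action names ("Immediately" ends evaluation, "If No Further Match" is provisional and is overridden by any later matching rule) and are an assumption, not vendor documentation; the trunk addresses, PBX address, default-pass behaviour and the unrelated test packets are all constructed for the example.

```python
"""Model of DrayTek-style Data Filter rule evaluation (added example).

Assumptions, not vendor documentation:
  * "Pass/Block Immediately" stops evaluation at that rule.
  * "Pass/Block If No Further Match" is provisional; a later matching
    rule (of either kind) takes precedence.
  * Traffic matching no rule takes the filter set's default, assumed pass.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

PASS_IMM, BLOCK_IMM = "Pass Immediately", "Block Immediately"
PASS_NFM, BLOCK_NFM = "Pass If No Further Match", "Block If No Further Match"
DEFAULT = "pass"   # assumed default for unmatched traffic

# Constructed sample data (documentation ranges): five trunk IPs, the PBX,
# and the two Service Type objects from the thread (5060 and 10000-20000).
ANVEO = frozenset(ip_address(f"192.0.2.{n}") for n in (10, 11, 12, 13, 14))
PBX = ip_address("192.168.1.20")
SIP_PORTS = frozenset({5060} | set(range(10000, 20001)))


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "TCP" or "UDP"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str
    src: Optional[frozenset] = None      # None = Any
    dst: Optional[frozenset] = None      # None = Any
    dports: Optional[frozenset] = None   # None = any destination port
    protos: frozenset = frozenset({"TCP", "UDP"})

    def matches(self, p: Packet) -> bool:
        return ((self.src is None or ip_address(p.src) in self.src)
                and (self.dst is None or ip_address(p.dst) in self.dst)
                and p.proto in self.protos
                and (self.dports is None or p.dport in self.dports))


def evaluate(rules, pkt):
    """Return (decision, index of the deciding rule or None) for pkt."""
    provisional = None
    for i, r in enumerate(rules):
        if not r.matches(pkt):
            continue
        if r.action == PASS_IMM:
            return "pass", i
        if r.action == BLOCK_IMM:
            return "block", i
        # "...If No Further Match": tentative; any later match overrides it
        provisional = ("pass" if r.action == PASS_NFM else "block", i)
    return provisional if provisional else (DEFAULT, None)


# lesd's original order: pass Anveo -> SIP immediately, then block any -> SIP
LESD_ORDER = [
    Rule(PASS_IMM, src=ANVEO, dports=SIP_PORTS),
    Rule(BLOCK_IMM, dports=SIP_PORTS),
]
# sicon's order: block-if-no-further-match (destination PBX only), then the pass
SICON_ORDER = [
    Rule(BLOCK_NFM, dst=frozenset({PBX}), dports=SIP_PORTS),
    Rule(PASS_IMM, src=ANVEO, dports=SIP_PORTS),
]

SAMPLES = [   # constructed
    Packet("192.0.2.11", "192.168.1.20", "UDP", 5060),     # trusted trunk
    Packet("198.51.100.7", "192.168.1.20", "UDP", 5060),   # scanner probe
    Packet("198.51.100.7", "192.168.1.20", "UDP", 15000),  # probe in RTP range
    Packet("198.51.100.7", "192.168.1.20", "TCP", 443),    # unrelated: default
    Packet("198.51.100.7", "192.168.1.30", "UDP", 5060),   # SIP to a non-PBX host
]


def differences(rules_a, rules_b, packets=SAMPLES):
    """Packets on which the two orderings decide differently."""
    return [p for p in packets
            if evaluate(rules_a, p)[0] != evaluate(rules_b, p)[0]]


if __name__ == "__main__":
    for p in SAMPLES:
        a, b = evaluate(LESD_ORDER, p)[0], evaluate(SICON_ORDER, p)[0]
        print(f"{p.src:>14} -> {p.dst}:{p.proto}/{p.dport:<5} lesd={a:5} sicon={b:5}")
    print("differ on:", differences(LESD_ORDER, SICON_ORDER))
```

Under these semantics both orderings block the probe to the PBX on 5060 and on the RTP range and pass the trunk, so for the traffic in question the two rule sets are equivalent; the only packet they treat differently is SIP traffic to a host other than the PBX, which is exactly the 'Any' versus 'PBX Switch' destination difference raised later in the thread. The `evaluate` function also reports which rule made the decision, which is the first thing to check when a filter set contains unrelated rules alongside these.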

10 Dec 2013 11:31 #78456 by lesd
Replied by lesd on topic Re: Firewall not blocking (2850)
I must say I find that very counterintuitive, but I have reversed the order of the two rules and changed 'Block Immediately' to 'Block if no further match' and we will see what happens.

What I do not understand is why my way does not work.

My Pass Immediately rule should pass the SIP ports for the specified IPs only, and the next rule should block those SIP ports from any other source.

Les


10 Dec 2013 11:43 #78457 by lesd
Replied by lesd on topic Re: Firewall not blocking (2850)
Just checked my PBX log and 3 and 5 minutes after I made the change I still had attack entries logged, so port 5060 connections are still getting through from unauthorised source IPs.

Les


10 Dec 2013 13:05 #78462 by sicon
Replied by sicon on topic Re: Firewall not blocking (2850)
Dammit! :cry:
Do you have any other rules in the Data Filter?

If it was mine (sorry for the dodgy screenshots) it would be something like this:

Followed by


10 Dec 2013 18:09 #78465 by lesd
Replied by lesd on topic Re: Firewall not blocking (2850)

sicon wrote: Do you have any other rules in the Data Filter?

Yes. I have 3 further independent rules in the same filter set relating to controlling DNS lookups (restricted to OpenDNS for all PCs other than my mail server). Is that a problem? Should they go in a different filter set?

Your example is basically the same as I have except for rule 3 I have Destination IP as 'All' while you have 'PBX Switch'

Les

