Audio works even when 10000-20000 ports are not enabled

I’m playing around with the firewall to learn better how it works. Responsive firewall is currently disabled.

So far I was able to test ports 80, 443, SIP 5060, SSH etc. to see how the firewall is able to block traffic when a custom port is not added in the custom services tab.

But for some reason, when a phone authenticates (when I open port 5060 manually but don’t open RTP ports 10000-20000) the audio still works.

Why is that?

By default, the firewall allows all outbound traffic to pass, as well as received responses to that traffic. For example, the server can do DNS lookups, get the time and fetch software updates without manually opening any ports.

If you call from an extension to voicemail, echo test, speaking clock, etc., outbound audio from Asterisk is passed to the phone. Audio from the phone appears to be replies and is passed by the firewall.

However, with default settings, I’d expect a call from one extension to another not to work, because only audio received from one phone would be sent to the other and there would be nothing to “prime the pump”. Although various options such as inband progress would get around the blockage, IMO it’s far easier to open the ports than to attempt to cover all the cases.
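A toy model of the stateful default this answer describes (outbound always passes, inbound passes only as a matching reply or on an explicitly opened port), added here as an illustration; it is not code from the thread or from FreePBX, and the addresses, ports and the `StatefulFirewall` class are constructed for the example.

```python
# Added example, not code from the forum thread or from FreePBX: a toy model of
# a stateful firewall with the default policy described above. Addresses and
# ports below are constructed for illustration.
from collections import namedtuple

Flow = namedtuple("Flow", "proto src sport dst dport")
PBX, PHONE_A, PHONE_B = "10.0.0.1", "10.0.0.20", "10.0.0.21"

class StatefulFirewall:
    """Outbound packets always pass and record the reply they expect (like
    connection tracking); inbound packets pass only as a matching reply or
    when their destination port has been explicitly opened."""
    def __init__(self, host, open_ports=()):
        self.host = host
        self.open_ports = set(open_ports)
        self.expected_replies = set()

    def packet(self, src, sport, dst, dport, proto="udp"):
        if src == self.host:                        # outbound: allowed, remember reply tuple
            self.expected_replies.add(Flow(proto, dst, dport, src, sport))
            return True
        if dport in self.open_ports:                # inbound on an opened port
            return True
        return Flow(proto, src, sport, dst, dport) in self.expected_replies

def voicemail_call(fw):
    """Asterisk plays a prompt first, so its RTP leaves before the phone's arrives."""
    fw.packet(PBX, 10000, PHONE_A, 4000)            # prompt audio primes the state
    return fw.packet(PHONE_A, 4000, PBX, 10000)     # phone's audio is a matched reply

def extension_to_extension(fw):
    """Asterisk only forwards audio it has received; with nothing primed,
    both phones' first RTP packets are dropped and no audio ever flows."""
    a_heard = fw.packet(PHONE_A, 4000, PBX, 10000)
    if a_heard:                                     # bridge A's audio to B
        fw.packet(PBX, 10002, PHONE_B, 4002)
    b_heard = fw.packet(PHONE_B, 4002, PBX, 10002)
    if b_heard:                                     # bridge B's audio to A
        fw.packet(PBX, 10000, PHONE_A, 4000)
    return a_heard, b_heard

if __name__ == "__main__":
    print("voicemail, RTP closed:", voicemail_call(StatefulFirewall(PBX)))
    print("ext-to-ext, RTP closed:", extension_to_extension(StatefulFirewall(PBX)))
    print("ext-to-ext, RTP open:",
          extension_to_extension(StatefulFirewall(PBX, open_ports=range(10000, 20001))))
```

Run as-is it reports the three cases in the answer: voicemail audio works with the RTP range closed, extension-to-extension audio does not, and opening 10000-20000 fixes the latter.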

That is because those ports are not blocked. They are always open.

