Can't get Iptables ACCEPT for String to Work

Running FreePBX 13.0.105 with Asterisk 13.7.0

We have our box set up with a public IP, as we were having issues using TCP bind ports other than 5060 (we’re using TCP for SIP) behind our Cisco ASA 5510s.

That being said, we have the Sangoma firewall off, but fail2ban on.

We’re trying to do the following to help tighten down our server a little more:

-A INPUT -i eth0 -p tcp -m tcp --dport 7775 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 7775 -m string --string "REGISTER sip:sip1.ourservers.com" --algo bm --to 65535 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 7775 -j DROP

Got that from this post

Anyway, I cannot get an endpoint to connect like this. I have to simply open up TCP 7775 like this:

-A INPUT -p tcp --dport 7775 -j ACCEPT

Any idea why the string thing isn’t working? I even did a tcpdump and saw the “REGISTER sip:sip1…” line. It did include :7775 at the end, but I even tried to add that to the iptables string and no go.
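As an added illustration (not code from the thread or from FreePBX), the following Python models the rule walk iptables performs for the three rules quoted above. The packet sequences, ports and the 203.0.113.10 address are constructed. It shows why rules of this shape can admit a SIP REGISTER over UDP but not over TCP: the first packet of a TCP connection is a SYN with no payload and conntrack state NEW, so the state rule does not match, the string rule has nothing to search, and the DROP rule discards the handshake before any REGISTER is ever sent. Once a TCP connection is established, the state rule accepts every packet before the string rule is reached, so the domain-name string never gates anything on TCP. The :7775 suffix on the Request-URI does not break the match, since the string match is a substring search.

```python
"""Model of the posted iptables rule walk for a SIP REGISTER over TCP and UDP.

Added example, not from the original thread. The three rules are the ones
posted above (interface match omitted); packet sequences are constructed.
"""
from dataclasses import dataclass
from typing import Dict

NEEDLE = b"REGISTER sip:sip1.ourservers.com"  # the --string value from the rule
TO_OFFSET = 65535                              # the --to 65535 from the rule


@dataclass
class Packet:
    proto: str      # "tcp" or "udp"
    dport: int
    state: str      # conntrack state as -m state sees it: NEW, ESTABLISHED, RELATED
    payload: bytes  # transport payload only; a TCP SYN carries none


def string_match(payload: bytes, needle: bytes = NEEDLE, to: int = TO_OFFSET) -> bool:
    """-m string --algo bm --to N: substring search over the first N payload bytes."""
    return needle in payload[:to]


def walk_rules(pkt: Packet, proto: str = "tcp", port: int = 7775) -> str:
    """Walk the three posted rules in order and return the verdict.

    -A INPUT -p <proto> --dport <port> -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p <proto> --dport <port> -m string --string "REGISTER sip:..." -j ACCEPT
    -A INPUT -p <proto> --dport <port> -j DROP
    """
    if pkt.proto != proto or pkt.dport != port:
        return "NO_MATCH"  # none of the three rules apply; the chain policy decides
    if pkt.state in ("RELATED", "ESTABLISHED"):
        return "ACCEPT"    # rule 1: reached before the string rule for every established packet
    if string_match(pkt.payload):
        return "ACCEPT"    # rule 2: only NEW packets with a matching payload get here
    return "DROP"          # rule 3


def tcp_register_attempt() -> Dict[str, str]:
    """Constructed TCP flow: the SYN arrives first, with no payload and state NEW."""
    syn = Packet("tcp", 7775, "NEW", b"")
    verdicts = {"SYN": walk_rules(syn)}
    if verdicts["SYN"] == "ACCEPT":
        # Only reachable if the handshake completed; with the posted rules it does not.
        register = Packet("tcp", 7775, "ESTABLISHED",
                          b"REGISTER sip:sip1.ourservers.com:7775 SIP/2.0\r\n")
        verdicts["REGISTER"] = walk_rules(register)
    return verdicts


def tcp_after_handshake(request_line: bytes) -> str:
    """If the handshake were allowed, every later packet is ESTABLISHED and the
    state rule accepts it whatever the payload says, so the string never decides."""
    return walk_rules(Packet("tcp", 7775, "ESTABLISHED", request_line))


def udp_register_attempt() -> Dict[str, str]:
    """Same three rules written for UDP: the REGISTER is the first datagram, so the
    string rule actually sees it (constructed port 5060 for the UDP case)."""
    register = Packet("udp", 5060, "NEW",
                      b"REGISTER sip:sip1.ourservers.com:5060 SIP/2.0\r\n")
    return {"REGISTER": walk_rules(register, proto="udp", port=5060)}


if __name__ == "__main__":
    print("TCP:", tcp_register_attempt())          # {'SYN': 'DROP'}
    print("TCP established, domain URI:",
          tcp_after_handshake(b"REGISTER sip:sip1.ourservers.com:7775 SIP/2.0\r\n"))
    print("TCP established, IP URI:",
          tcp_after_handshake(b"REGISTER sip:203.0.113.10:7775 SIP/2.0\r\n"))
    print("UDP:", udp_register_attempt())          # {'REGISTER': 'ACCEPT'}
```

Running the block prints a DROP for the TCP SYN, ACCEPT for both established-flow REGISTERs regardless of the Request-URI, and ACCEPT for the UDP REGISTER, which is the behaviour that makes the string rule useless as a domain filter on a TCP listener.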

It’s not related as it’s not on 5060. Just turn on responsive firewall, it does all this automatically, and correctly.

Is it considered safe for production?

And can you explain how I would only let registrations to our domain name, and not the IP address through, with the responsive firewall?

While it is still relatively new, most of the growing pains I’ve seen were more in web interface than in the firewall itself. @xrobau has been super helpful with every issue I’ve had with it and it seems to be working very well in the two commercial installs I have it running on.


Cool thanks. I have it running now.

I know you said you already switched to the Sangoma firewall but if you are still interested in trying it I would try removing the REGISTER sip: and only have your domain name: sip1.ourservers.com.

I will give that a shot, thanks.