Firewall Module : Blocked Attackers

Hey there,
I used the 14 Distro. I have some trouble with the Firewall. Sometimes my softphone try to get BLF status and send 20 SUSCRIBES messages.

When my public IP change (LTE network), my app can send the SUSCRIBES before the REGISTER option has been sent. Then the Firewall consider it as an attacker and block the IP :frowning_face:

It is not the responsive firewall wich does this, it is the Firewall in Blocked Hosts section.
I need to go there and erase the blocked IP.

The firewall does it job well BUT, before the SIP stack of my mobile app will be updated, I want to manage how the firewall consider an IP as an attacker. Where can I do this ?

Here is the capture :

Yes it is responsive. The blocked hosts section shows IPs that have been blocked by Responsive. This is actually a known issue:

How can I get around of this problem ?

Lorne thank you.

lorne, I have seen your comment on the issues tracker

Is there a way to bypass by adding customs rules in /etc/firewall-4.rules ?

Thanks. It is very annoying for my business.

The only thing I can say is, if responsive is not working for you then don’t use responsive. We have some basic ideas but it will take time to test, code and QA.

lorne, if I put this lines in the customs rules in /etc/firewall-4.rules and modify parameters, does this will apply ? or will it be the default settings hardcoded ?

-A fpbxratelimit -m recent --rcheck --seconds 90 --hitcount 1 --name WHITELIST --mask --rsource -j ACCEPT
-A fpbxratelimit -m recent --rcheck --seconds 86400 --hitcount 1 --name ATTACKER --mask --rsource -j fpbxattacker
-A fpbxratelimit -m recent --rcheck --seconds 86400 --hitcount 200 --name REPEAT --mask --rsource -j fpbxattacker
-A fpbxratelimit -m recent --rcheck --seconds 300 --hitcount 100 --name REPEAT --mask --rsource -j fpbxattacker
-A fpbxratelimit -m recent --rcheck --seconds 60 --hitcount 50 --name REPEAT --mask --rsource -j fpbxshortblock
-A fpbxrfw -m recent --rcheck --seconds 90 --hitcount 1 --name WHITELIST --mask --rsource -j ACCEPT
-A fpbxrfw -m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --mask --rsource -j fpbxattacker
-A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 1 --name ATTACKER --mask --rsource -j fpbxattacker
-A fpbxrfw -m recent --rcheck --seconds 60 --hitcount 10 --name SIGNALLING --mask --rsource -j fpbxshortblock
-A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 100 --name REPEAT --mask --rsource -j fpbxattacker

And if I disable the RF, sip registration will not be filtering ? Is that not very dangerous to do this ?

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.