Responsive Firewall - keep blocking my cellphone every time I get new IP

v4704 · March 22, 2017, 7:03am

Asterisk Version: 13.14.0
FreePBX 13.0.190.19
System Firewall: 13.0.44.4

My desktop PC is almost never changing its public IP, so the “trust zone” is doing a good job allowing the connection. My problem is with my cell phone that gets new IP every few days from my cellular provider.

I’m using an Android device with Media5 free client, there is no way the device is sending any type of request with wrong password (I’m not trying to connect to the web interface, SSH or anything else other than SIP from it), but it still going to blocked list.

What can cause that? what are the parameters that gets an IP blocked by the Responsive Firewall?

Many thanks!

cynjut · March 22, 2017, 1:17pm

A likely culprit is that your phone is registering with the IP address, then failing (congestion or time-out, for example), then re-registering. This was reported early in the responsive firewall days and results in your phone looking like a candidate for fail2ban because of all the reconnections.

I don’t know if we ever came to a workaround, but reducing the reconnects should help.

jyates01 · March 22, 2017, 11:41pm

I used a dynamic DNS client and put the DDNS name as a strict allow rule in Iptables, so even it your ip changes, your DDNS name stays the same.