SIP Trunk Service Block by Firewall Module

SIP provider uses IP authentication

The Firewall will block the server IP of the host after several phone calls.

Copied from wiki (Note that you do not have to add configuration for trunks, as they are automatically configured and require no additional setup.)

Any idea why the SIP server IP keeps getting blocked?

type=friend
context=default
host=x.x.x.x&x.x.x.x
dtmfmode=auto
disallow=all
allow=ulaw
insecure=port,invite

Not a valid host line. Create separate trunk for each host.

You can also explicitly whitelist each of the server hosts.

In addition, in FreePBX “context=default” should be throwing an error. Try something like “…=from-trunk”.

The DTMF mode selection may not work reliably as well. If it works for you, good, but if you have trouble with digits not working in IVRs or in Voicemail, you may need to narrow your DTMF Mode selection down a little bit.

Only use “type=friend” if the address you specified can receive calls from your PBX as well as deliver calls to your PBX.

I created a trunk for every host.

Also whitelisted the IP address in intrusion detection.

The inbound host is still getting blocked by the firewall after several inbound calls.
Outbound still works.

Any other suggestions?

The trunks can be inbound and outbound so type=friend should be fine?

It’s not that I don’t believe you, but until I see the logs where the address is getting blacklisted, I’m not sure I can understand what you are saying. If the host is properly whitelisted in the firewall config, it will not be blacklisted by the firewall.

I have them added to the firewall as trusted.
Also have whitelisted the IP address in intrusion detection.

Below is a screen shot of the blocked host.

Any other suggestions??

Try using the GUI for both sides of the discussion. It’s possible that you are looking at two parts of the system that are disconnected at some point.

Your list of trusted hosts in the Firewall GUI should match the fwconsole fw command list. Double check that.

Finally, there has got to be something in your /var/log/asterisk/full logs (or maybe the firewall logs in the same directory) that tells why the hosts were locked out.

Thanks for all your help. I am new to FreePBX and have learned a lot about the firewall.

The issue was that one of the host IP addresses in the trunk setup was incorrect.

The inbound was able to work till the firewall blocked it because allow anonymous inbound SIP calls was set to yes.

Found the IP issue when doing a packet capture on my network firewall.

Thanks again :grinning:

Turn that off! Now, especially now that you’ve announced to the world that it’s on!

Already done :slight_smile:
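
An added example, not part of the original thread and not FreePBX's own code: a Python check that cross-references the three things compared in this thread, each trunk's host= value, the firewall trusted list, and the source addresses seen in a packet capture. The trunk names, the addresses (documentation range 192.0.2.0/24) and the function names are constructed for illustration, and it assumes IP-authenticated trunks whose host= is a literal IP address.

```python
import ipaddress

def parse_peer_details(text):
    """Parse key=value peer-details lines into a dict (last value wins)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def audit_trunks(trunks, trusted, observed_sources):
    """trunks: {name: peer-details text}; trusted: IP/CIDR strings;
    observed_sources: source IPs seen sending SIP in a capture."""
    findings = []
    trusted_nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    trunk_hosts = set()
    for name, text in trunks.items():
        host = parse_peer_details(text).get("host", "")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # Catches lines such as host=a.b.c.d&e.f.g.h (one host per trunk).
            findings.append(f"{name}: host={host!r} is not a single IP address")
            continue
        trunk_hosts.add(addr)
        if not any(addr in net for net in trusted_nets):
            findings.append(f"{name}: {addr} is not in the firewall trusted list")
    for src in sorted(set(observed_sources)):
        addr = ipaddress.ip_address(src)
        if addr not in trunk_hosts:
            # Traffic from here is anonymous to the PBX, whatever was whitelisted.
            findings.append(f"capture: {addr} sends SIP but matches no trunk host")
    return findings

# Constructed sample: provider-b was entered as .21, but the provider sends from .20.
SAMPLE_TRUNKS = {
    "provider-a": "type=friend\ncontext=from-trunk\nhost=192.0.2.10\n",
    "provider-b": "type=friend\ncontext=from-trunk\nhost=192.0.2.21\n",
    "provider-old": "type=friend\nhost=192.0.2.10&192.0.2.20\n",
}
SAMPLE_TRUSTED = ["192.0.2.10", "192.0.2.21"]
SAMPLE_OBSERVED = ["192.0.2.10", "192.0.2.20", "192.0.2.20"]

if __name__ == "__main__":
    for finding in audit_trunks(SAMPLE_TRUNKS, SAMPLE_TRUSTED, SAMPLE_OBSERVED):
        print(finding)
```

The capture finding is the one that matters here: the mistyped address is both configured and trusted, so only a comparison against the real source address exposes the mismatch.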