alberto464
just joined
Topic Author
Posts: 13
Joined: Tue Jun 14, 2022 10:19 pm

Firewall block SIP

Thu Jun 16, 2022 7:42 pm

Hello, I created some Firewall rules because I noticed that in the CONNECTIONS there are many public IPs pointing to port 5060 and 5061. Once the rule is executed, however, you notice that in the connections the IPs continue to connect and are not dropped.

Here are the rules I created:

add action=add-src-to-address-list address-list=sip_attack address-list-timeout=3h chain=input dst-port=5060 protocol=udp src-address-list=!accesso_consentito
add action=add-src-to-address-list address-list=sip_attack address-list-timeout=3h chain=input dst-port=5060 protocol=tcp src-address-list=!accesso_consentito
add action=add-src-to-address-list address-list=sip_attack address-list-timeout=3h chain=input dst-port=5061 protocol=udp src-address-list=!accesso_consentito
add action=add-src-to-address-list address-list=sip_attack address-list-timeout=3h chain=input dst-port=5061 protocol=tcp src-address-list=!accesso_consentito
add action=drop chain=input src-address-list=sip_attack

Where am I wrong? :(
 
rextended
Forum Guru
Posts: 12001
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firewall block SIP

Thu Jun 16, 2022 8:10 pm

input is the chain to the CPU, forward is the chain for the NATted or routed devices....
 
alberto464
just joined
Topic Author
Posts: 13
Joined: Tue Jun 14, 2022 10:19 pm

Re: Firewall block SIP

Thu Jun 16, 2022 8:54 pm

> input is the chain to the CPU, forward is the chain for the NATted or routed devices....

So do I have to move these rules from "Input" to "Forward"?
 
rextended
Forum Guru
Posts: 12001
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firewall block SIP

Fri Jun 17, 2022 10:47 am

Yes, if the IP under attack is not the RouterBOARD IP...
And if hardware offload is active between bridge ports, you cannot intercept that until you also activate the firewall for the bridge,
but that drops performance.

It is better not to make the open VoIP port directly on the clients visible from outside...
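
Added example (not part of the thread, and not the posters' own configuration): the rules from the first post rewritten for the forward chain, as the reply above suggests, assuming the SIP devices are routed or dst-nat'ed behind the router. The list names and the 3h timeout come from the first post; the comment strings and the verification commands are additions.

```routeros
# Assumption: the SIP endpoints are behind the router, so their traffic
# traverses chain=forward and never reaches chain=input.
/ip firewall filter

# Form from the first post: only matches packets addressed to the router itself.
#   add action=drop chain=input src-address-list=sip_attack

# Forward-chain form. add-src-to-address-list does not stop rule processing,
# so the packet that triggers the listing continues to the drop rule below.
add chain=forward action=add-src-to-address-list address-list=sip_attack \
    address-list-timeout=3h protocol=udp dst-port=5060,5061 \
    src-address-list=!accesso_consentito comment="SIP probe UDP (example)"
add chain=forward action=add-src-to-address-list address-list=sip_attack \
    address-list-timeout=3h protocol=tcp dst-port=5060,5061 \
    src-address-list=!accesso_consentito comment="SIP probe TCP (example)"
add chain=forward action=drop src-address-list=sip_attack \
    comment="drop listed SIP sources (example)"

# Ordering: these rules must sit above any forward rule that accepts or
# fasttracks established/related connections, otherwise flows that are
# already tracked keep passing and stay visible in the connection table.

# With dst-nat, the forward chain sees the address and port after
# translation, so dst-port must be the port of the internal device.

# Verification: packet counters on the new rules should increase and the
# list should fill with the offending sources.
/ip firewall filter print stats where chain=forward
/ip firewall address-list print where list=sip_attack
```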
 
alberto464
just joined
Topic Author
Posts: 13
Joined: Tue Jun 14, 2022 10:19 pm

Re: Firewall block SIP

Fri Jun 17, 2022 11:26 am

> It is better not to make the open VoIP port directly on the clients visible from outside...

But if, to be safer, I go to "Firewall > Service Port" and disable SIP, do internal LAN clients such as VoIP phones still connect to the VoIP server, or not, because I have disabled the option? I don't understand this thing.
 
rextended
Forum Guru
Posts: 12001
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firewall block SIP

Fri Jun 17, 2022 1:09 pm

If the internal devices have private IPs, it does not matter,
I was writing about internal devices with public IPs...
 
alberto464
just joined
Topic Author
Posts: 13
Joined: Tue Jun 14, 2022 10:19 pm

Re: Firewall block SIP

Fri Jun 17, 2022 1:31 pm

> If the internal devices have private IPs, it does not matter,
> I was writing about internal devices with public IPs...

Perfect, thank you!
 
rextended
Forum Guru
Posts: 12001
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firewall block SIP

Fri Jun 17, 2022 1:32 pm

Have a nice day,
Ciao
