I'm trying to whitelist a single external IP for access to a port and reject all others.
This is for VoIP purposes and has something to do with SIP scanning or something? (I don't know exactly, I just got told to deny all connections to the port unless they were coming from a specific IP.)
I've had a look at the firewall documentation, but I've got pretty much no clue.
At the moment I'm thinking of 2 rules under Firewall > Traffic rules in the LuCI GUI:
Both are TCP and UDP.
I've read the thread, and I don't understand enough of the terminology to know how this will help me.
All I'm trying to do is block all incoming WAN connections to port 5060 with the exception of what seems to be the external IP of the SIP ISP. I know the IP that needs to be allowed, but I don't know how to allow ONLY that IP.
I've finally had a chance to get back to this. Of course the first rule doesn't break anything, but I don't know how to test if I'm protected or not without the second rule.
I was told there would likely be security issues eventually if connections were allowed from anything but the whitelisted IP, so I'm just trying to dot my i's and cross my t's to be sure.
Reading through a tree of threads from the thread linked by frollic, kmod-nf-nathelper-extra seems to have inherent security issues, but I appear to not need to use it, so I think I'm ok on that front.
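
The two-rule approach described in the posts above, written as `/etc/config/firewall` entries. This is an added example, not configuration posted in the thread. It assumes the SIP service listens on the router itself, the zone is named `wan`, and `203.0.113.10` stands in for the provider's IP (a documentation placeholder); the rule names are made up.

```uci
# Added example. Assumptions: zone name 'wan', SIP endpoint is the router
# itself, and 203.0.113.10 is a placeholder for the provider's address.

# Rule 1: accept SIP signalling only from the provider's IP.
# A rule with 'src' and no 'dest' applies to traffic addressed to the router.
config rule
	option name 'Allow-SIP-from-provider'
	option src 'wan'
	option src_ip '203.0.113.10'
	option dest_port '5060'
	option proto 'tcp udp'
	option target 'ACCEPT'

# Rule 2: reject every other WAN source on the same port.
# Rules are evaluated top to bottom and the first match wins, so this
# entry must stay below the allow rule or it will also block the provider.
config rule
	option name 'Reject-SIP-from-others'
	option src 'wan'
	option dest_port '5060'
	option proto 'tcp udp'
	option target 'REJECT'
```

If the SIP device sits on the LAN behind the router, the same source restriction goes on the port forward instead (a `config redirect` entry with `option src_ip`), since traffic rules like these only cover connections to the router's own address.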