Linphone VOIP client to a local SIP VOIP provider. Plain paid VOIP line with a local number. Client registers with provider correctly. Inbound and outbound calls work correctly.
However OpenWRT sees the SIP conversation, and thinks to itself, I'll be helpful and open port 5060 UDP to the outside world, so inbound SIP connects come straight through to your Linphone client.
Port scanners, using tools like sipvicious, quickly pick it up, and now my soft phone is getting inbound nuisance calls from all over the world, and attempts to get the softphone to redial expensive international numbers.
Incredibly, the upstream huawei fibre cpe router is repeating the same behaviour.
So this feature would seem to be ALG or UPNP.
However UPNP doesn't show any Active UPnP redirects.
ALG doesnt appear to have a status screen in LUCI
There is no SIP ALG in OpenWrt by default, so check Huawei.
Don't use port 5060 locally (in the client configuration).
Check if your SIP client has a setting like "accept incoming from proxy only".