[Firehol-support] Firewall logic

Daniel Heckl daniel.heckl at gmail.com
Wed Nov 1 14:44:53 GMT 2017


I refer to your last message from January 2016 regarding RTP rules in

Is there any other solution to implement (with FireHOL) a custom rule to
allow traffic to a specific port range (my own RTP ports) from specific IP
ranges (their RTP servers)?

Your solution is working fine, but allows full access to all ports of the
RTP servers without looking at the src port range (10000:10100).


server_myrtp_ports="udp/10000:10100" # use the same ports as in


server_theirrtp_ports="udp/any" # the providers may use any port for RTP

Then, at your internet interface, replace these:

        server4 sip accept src "${telekom} ${sipgate_sip}"
        server4 rtp accept src "${telekom} ${sipgate_rtp}"
        client4 all accept dst "${telekom} ${sipgate_sip} ${sipgate_rtp}"

with these:

        server4 sip,myrtp accept src "${telekom} ${sipgate_sip}"
        client4 sip,theirrtp accept dst "${telekom} ${sipgate_sip}"
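For reference, here is the complete interface block those two custom services need, written as an added example rather than taken from the thread. It assumes FireHOL 3 syntax (`version 6`), an interface named eth0, and constructed placeholder address ranges for ${telekom} and ${sipgate_sip}; the one point the fragments above leave out is that FireHOL requires both the server_ and the client_ port variable for a custom service name before a server4/client4 rule may use it.

```firehol
version 6

# Constructed placeholder address lists; substitute the provider's real ranges.
telekom="192.0.2.0/24"
sipgate_sip="198.51.100.0/24"

# Custom services: FireHOL needs BOTH the server_<name>_ports and the
# client_<name>_ports variable before <name> can appear in a rule.
# myrtp: the RTP range our own phone listens on; the provider may send
# from any unprivileged source port, so the client side stays "default".
server_myrtp_ports="udp/10000:10100"
client_myrtp_ports="default"

# theirrtp: the provider may terminate RTP on any UDP port, so the remote
# (server) side is udp/any; our side again uses the default client ports.
server_theirrtp_ports="udp/any"
client_theirrtp_ports="default"

interface eth0 internet
    policy drop

    # Inbound: SIP signalling plus RTP media to our 10000:10100 range,
    # accepted only when it comes from the provider's address ranges.
    server4 sip,myrtp accept src "${telekom} ${sipgate_sip}"

    # Outbound: SIP signalling plus RTP media we initiate towards the
    # provider; destination restricted to the same address ranges.
    client4 sip,theirrtp accept dst "${telekom} ${sipgate_sip}"
```

Only the SIP/RTP rules are shown; any other outbound traffic the host needs (DNS, NTP, updates) still has to be allowed with further client4 rules under the same interface.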
