Question:

I have the following Firewall rule set up for another of my clients to allow SIP 5060 from 125.213.160.81 (MyNetFone VoIP server) only. As it is inverted, 5060 to “Any” should be Blocked.

However the NAT Active sessions table still shows the hacker attacks. I would assume that the above rule is not working. Can you please tell me what I have done wrong?

Solution:

From the NAT Active sessions table we get “95.211.109.136 5074 wan1”.
This means “TCP/UDP, Port from 5060 to any” cannot block 95.211.109.136 5074.
Change Firewall / edit filter set / edit filter rule / filter set 2 rule 2 / service type to “TCP/UDP, Port from any to 5060” (your original rule is from 5060 to any).
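The mismatch described above, as an added example that is not part of the original answer or the router's own logic: a simplified model of a block rule with an inverted source address, evaluated against the session from the NAT table. The class and field names are hypothetical, the packets are constructed, and the destination port 5060 on the scanner's packet is an assumption (the table entry only gives the remote address and port).

```python
from dataclasses import dataclass
from ipaddress import ip_address

ANY = (1, 65535)  # full port range, i.e. "any"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class BlockRule:
    src_ip: str        # address named in the rule
    invert_src: bool   # True: rule applies to every source EXCEPT src_ip
    src_ports: tuple   # (low, high) source port range
    dst_ports: tuple   # (low, high) destination port range

    def matches(self, pkt: Packet) -> bool:
        same_ip = ip_address(pkt.src_ip) == ip_address(self.src_ip)
        ip_hit = (not same_ip) if self.invert_src else same_ip
        return (ip_hit
                and self.src_ports[0] <= pkt.src_port <= self.src_ports[1]
                and self.dst_ports[0] <= pkt.dst_port <= self.dst_ports[1])


VOIP = "125.213.160.81"  # VoIP server address from the question

# Original rule: service type "from 5060 to any" (source port 5060)
original = BlockRule(VOIP, True, (5060, 5060), ANY)
# Corrected rule: service type "from any to 5060" (destination port 5060)
corrected = BlockRule(VOIP, True, ANY, (5060, 5060))

# Constructed inbound packets; destination port 5060 is assumed.
PACKETS = {
    "scanner": Packet("95.211.109.136", 5074, 5060),
    "provider": Packet(VOIP, 5060, 5060),
}


def verdicts(rule: BlockRule) -> dict:
    """Return 'block' or 'pass' for each constructed packet under the rule."""
    return {name: "block" if rule.matches(p) else "pass"
            for name, p in PACKETS.items()}


if __name__ == "__main__":
    print("original :", verdicts(original))
    print("corrected:", verdicts(corrected))
```

The original rule passes the scanner because its source port is 5074, not 5060; the corrected rule keys on the destination port, so the remote source port no longer matters.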