Rule Not working as expected - need guidance



  • I have a rule that is not working as expected and need some guidance on how to fix it.

    The rule is to protect our VOIP server.  What I have setup is as follows:

    From the Wan Interface, accept from any port, only from our VOIP provider network,  TCP/UDP packets to port 5060 and redirect it to the internal VOIP server.

    The issue is I though by doing this all other VOIP connections not from our VOIP provider would have been rejected by PFsense, yet the VOIP server is blocking via fail2band other IPs not in my VOIP provider Network.  This indicates that my port is somehow open but i'm not seeing how my rule would open it to others.

    Can somebody explain to me what i'm doing incorrectly.

    Thanks