My IP range is:
xx.xx.94.16 -> xx.xx.94.23
This gives a usable range of:
xx.xx.94.17 -> xx.xx.94.22
My router's public IP address is: xx.xx.94.17, the SIP VOIP handset is allocated xx.xx.94.18 (I am going to add others).
This is working great and all of my SIP/VOIP issues have gone away. However I can't seem to block access to non-SIP ports on the public IP range. In particular I want to block access to port 80 which is the administration web interface for the handset.
I added a filter rule to block:
Direction: WAN -> LAN
Source IP: Any
Destination IP: Any
Service Type: TCP Port 80
Filter Action: Block Immediately
However this is totally ignored.
I then tried the approach of setting the default rule in General Setup to block everything and then added rules to allow full access from LAN to WAN and then open specific WAN -> LAN ports for SIP. That seems to be totally ignored as well and disabled outbound internet access from the NAT'd LAN.
I also tried following this guide (obviously changing the ports to suit my own needs) but again the filters are just ignored:
IP Filter/Firewall - IP Filter Samples - FTP server.
I am running the very latest firmware (220.127.116.11_211801).
If this was a "normal" router or firewall device I'd have no problems (I've worked with Cisco, Summit, Linux IPTables etc), but the DrayTek config is driving me up the wall.
Is the DrayTek firewall just fundamentally broken in some way?
Nildram (7yrs) -> ADSL24(1yr) -> AAISP