Celeb Glow
general | March 10, 2026

Is the Whitelist Network Service Filter Feature on ASUS Routers broken?

I have a ASUS RT-N16 router running firmware version 3.0.0.4.374_4422

I have a voip phone (physical) with it's own private IP address (for the purpose of discussion, let's call it 192.168.0.1) and would like to restrict communication for it so it ONLY can talk to my VOIP server in the cloud (let's call it 50.50.50.50 - again, this is a fictitious example).

I thought I could do this by adding a whitelist policy under Firewall -> Network Services Filter.

I tried adding the following in the Network Services Filter Table:

Source IP: 192.168.0.1
Port Range: 1:65535
Destination IP: 50.50.50.50
Port Range: 1:65535
Protocol: TCP
Source IP: 192.168.0.1
Port Range: 1:65535
Destination IP: 50.50.50.50
Port Range: 1:65535
Protocol: UDP

I also configured the following:

Enable Network Services Filter: Yes
Filter table type: White List
Well-Known Applications: User Defined
Date to Enable LAN to WAN Filter: Mon, Tue, Wed, Thu, Fri
Time of Day to Enable LAN to WAN Filter: 00:00 - 23:59
Date to Enable LAN to WAN Filter: Sat, Sun
Time of Day To Enable LAN to WAN Filter: 00:00-23:59
Filtered ICMP packet types: <blank>

There are no other rules in the table.

After enabling this, internet connectivity was blocked for all devices. This leads me to believe that the Network Services Filter is broken. Can someone confirm? Is there another way to accomplish what I'm looking for?

1 Answer

My current solution for using a VOIP device, that fails to use STUN or UPNP:

  1. Configure LAN - DHCP Server to assign static IP to my VOIP device (Ex. 192.168.1.10)
  2. Configure WAN - Port forwarding on the needed ports (For me it was UDP Port 5004 and 5060) to my VOIP device static IP

This had the side effect, that my phone was ringing whenever someone did a port-scan. To stop this madness then I had to restrict access to my VOIP-device, so only the valid SIP-Server got access.

I tried to use the firewall white list, but was not able to figure how to restrict access for one IP address.

Instead I chose to install the Asus Merlin firmware, and followed the advice about Allowing port forwarding to a service (like RDesktop) only from a specific IP

  • Activate JFFS partition and format it on next reboot (Administration -> System)
  • Activate SSH (Administration -> System)
  • Activate "SIP Passthrough" to avoid dropping packages to udp port 5060 (WAN -> NAT Passthrough)
  • Connect with WinSCP using SCP and upload the wanted nat-start script.

You Might Also Like

What is the significance of II.9 in a Kingdom Hearts 3 scene?

Is there a way to craft Podzol in Minecraft?

Is there a hard limit to the number of trees able to exist in your town smaller than what is geometrically possible by the rules of tree growth?