Remote Extensions Firewall question - losing registration

Asterisk Asterisk Support
1

Anyone using IPtables have this issue?
I’m using iptables to drop 5060 by default, and added the rules below. Works great most of the time, but about once a week, one of my four locations (seemingly random which one) will lose all registrations on all the phones, and the phones won’t reconnect until I stop iptables, then start it back up. There’s nothing in the fail2ban jail or in fail2ban logs, but I’m thinking I glubbed up a rule that is preventing a phone from registering even though 5060 is set to accept from their IP, and it only works if the connection is established. Any guidance or insults to my bad firewall rules would be appreciated!

[code]# Generated by iptables-save v1.4.7 on Sun Jun 8 15:44:22 2014
*filter
:INPUT DROP [17:6098]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [7160:3128858]
:fail2ban-BadBots - [0:0]
:fail2ban-FTP - [0:0]
:fail2ban-PBX-GUI - [0:0]
:fail2ban-SIP - [0:0]
:fail2ban-SSH - [0:0]
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -j fail2ban-PBX-GUI
-A INPUT -j fail2ban-SIP
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-BadBots
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -j fail2ban-PBX-GUI
-A INPUT -j fail2ban-SIP
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-BadBots
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 19900:20000 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -s xxx.xxx.xxx.xxx/32 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s yyy.yyy.yy.yyy/32 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s zzz.zz.zz.zzz/32 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
-A INPUT -s fff.fff.ff.fff/32 -p tcp -m tcp --dport 5060 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A fail2ban-BadBots -j RETURN
-A fail2ban-FTP -j RETURN
-A fail2ban-PBX-GUI -j RETURN
-A fail2ban-SIP -j RETURN
-A fail2ban-SSH -j RETURN
COMMIT

Completed on Sun Jun 8 15:44:22 2014

[/code]