Thank you for the link. I was using centos 7 firewalld to block all incoming connections and white listing what i needed but I notice my sip trunk provider ip kept changing base on the /var/log/messages. Some call would not come through or only one way audio. When i allowed 10000-20000 UDP i dont have problem but I felt it was insecure to allow such wide range of open ports. Thus, I asked the question here. I wish there was something similar to port triggers in router whereas it only allow to communicate back if I sent information out.