Unless I have an IP address/port entry in the csf.allow (tcp|in|d=5061|s=my_ip_address/32), incoming SIP signaling with TLS transport (not UDP) on port 5061 is blocked.
I suspect SPI is rejecting this traffic.
Is it possible to turn off SPI on specific ports?
Port 5061 is being opened with port knocking. I can see incoming traffic on TCP port 5061 with tcpdump, so I guess the port has been successfully opened by port knocks.