I suppose the aforementioned fix to disable SIP ALG only applies to 6.x. This worked on 7.x:
Edit this line:
DONT_LOAD=
In these two files:
/etc/e-smith/templates/etc/shorewall/shorewall.conf/60options
/etc/shorewall/shorewall.conf
to:
DONT_LOAD=nf_conntrack_sip
Edit /etc/shorewall/conntrack and comment out the lines for SIP
create /etc/modprobe.d/blacklist.conf and add this line:
blacklist nf_conntrack_sip
Reboot