ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Sangoma Responsive Firewall Error on FreePBX

    IT Discussion
    freepbx linux centos 6
    2
    14
    5.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by scottalanmiller

      Brand new FreePBX installation (distro). Everything is stock, install was from the ISO. Initial firewall setup results in the firewall just restarting over and over again. Here is the error.

      rfw rule 2 not valid (Is '-m recent --rcheck --seconds 86400 --hitcount 1 --name ATTACKER --rsource -j fpbxattacker', should start with '-m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --rsource')

      Anyone seen this one before?

      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller
        last edited by

        Here is the complete output of the log, including the part where the log tells you to look in the same log for more info.

        Starting firewall.
1463587870: Wall: 'Firewall service now starting.

' returned 0
1463587871: INTERFACE INIT: eth0 => trusted
1463587871: /sbin/iptables -N fpbxfirewall
iptables: Invalid argument. Run `dmesg' for more information.
1463587871: /sbin/ip6tables -N fpbxfirewall
1463587871: /sbin/iptables -I INPUT -j fpbxfirewall
1463587871: /sbin/ip6tables -I INPUT -j fpbxfirewall
1463587871: /sbin/iptables -N fpbxfirewall
iptables: Chain already exists.
1463587871: /sbin/ip6tables -N fpbxfirewall
ip6tables: Chain already exists.
1463587871: /sbin/ip6tables -A fpbxfirewall -i lo -j ACCEPT
1463587871: /sbin/iptables -A fpbxfirewall -i lo -j ACCEPT
1463587871: /sbin/ip6tables -A fpbxfirewall -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
1463587871: /sbin/iptables -A fpbxfirewall -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
1463587871: /sbin/ip6tables -A fpbxfirewall -p udp --sport 1:1024 -m state --state RELATED,ESTABLISHED -j ACCEPT
1463587872: /sbin/iptables -A fpbxfirewall -p udp --sport 1:1024 -m state --state RELATED,ESTABLISHED -j ACCEPT
1463587872: /sbin/iptables -A fpbxfirewall -p icmp -j ACCEPT
1463587872: /sbin/ip6tables -A fpbxfirewall -p ipv6-icmp -j ACCEPT
1463587872: /sbin/iptables -A fpbxfirewall -d 255.255.255.255/32 -j ACCEPT
1463587872: /sbin/ip6tables -A fpbxfirewall -m pkttype --pkt-type multicast -j ACCEPT
1463587872: /sbin/iptables -A fpbxfirewall -m pkttype --pkt-type multicast -j ACCEPT
1463587872: /sbin/ip6tables -A fpbxfirewall -p udp -m udp --dport 67:68 --sport 67:68 -j ACCEPT
1463587872: /sbin/iptables -A fpbxfirewall -p udp -m udp --dport 67:68 --sport 67:68 -j ACCEPT
1463587872: /sbin/iptables -N fpbx-rtp
1463587872: /sbin/ip6tables -N fpbx-rtp
1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbx-rtp
1463587872: /sbin/iptables -A fpbxfirewall -j fpbx-rtp
1463587872: /sbin/iptables -N fpbxblacklist
1463587872: /sbin/ip6tables -N fpbxblacklist
1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxblacklist
1463587872: /sbin/iptables -A fpbxfirewall -j fpbxblacklist
1463587872: /sbin/iptables -N fpbxsignalling
1463587872: /sbin/ip6tables -N fpbxsignalling
1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxsignalling
1463587872: /sbin/iptables -A fpbxfirewall -j fpbxsignalling
1463587872: /sbin/iptables -N fpbxsmarthosts
1463587872: /sbin/ip6tables -N fpbxsmarthosts
1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxsmarthosts
1463587872: /sbin/iptables -A fpbxfirewall -j fpbxsmarthosts
1463587872: /sbin/iptables -N fpbxregistrations
1463587872: /sbin/ip6tables -N fpbxregistrations
1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxregistrations
1463587872: /sbin/iptables -A fpbxfirewall -j fpbxregistrations
1463587872: /sbin/iptables -N fpbxnets
1463587872: /sbin/ip6tables -N fpbxnets
1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxnets
1463587872: /sbin/iptables -A fpbxfirewall -j fpbxnets
1463587872: /sbin/iptables -N fpbxhosts
1463587872: /sbin/ip6tables -N fpbxhosts
1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxhosts
1463587872: /sbin/iptables -A fpbxfirewall -j fpbxhosts
1463587872: /sbin/iptables -N fpbxinterfaces
1463587872: /sbin/ip6tables -N fpbxinterfaces
1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxinterfaces
1463587872: /sbin/iptables -A fpbxfirewall -j fpbxinterfaces
1463587872: /sbin/iptables -N fpbxreject
1463587872: /sbin/ip6tables -N fpbxreject
1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxreject
1463587872: /sbin/iptables -A fpbxfirewall -j fpbxreject
1463587872: /sbin/iptables -N fpbxrfw
1463587872: /sbin/ip6tables -N fpbxrfw
1463587872: /sbin/ip6tables -A fpbxfirewall -m mark --mark 0x2/0x2 -j fpbxrfw
1463587872: /sbin/iptables -A fpbxfirewall -m mark --mark 0x2/0x2 -j fpbxrfw
1463587872: /sbin/iptables -N fpbxlogdrop
1463587872: /sbin/ip6tables -N fpbxlogdrop
1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxlogdrop
1463587872: /sbin/iptables -A fpbxfirewall -j fpbxlogdrop
1463587872: /sbin/iptables -N zone-trusted
1463587872: /sbin/ip6tables -N zone-trusted
1463587872: /sbin/ip6tables -A zone-trusted -j ACCEPT
1463587872: /sbin/iptables -A zone-trusted -j ACCEPT
1463587872: /sbin/ip6tables -A fpbxrfw -m recent --set --name REPEAT --rsource 
1463587872: /sbin/iptables -A fpbxrfw -m recent --set --name REPEAT --rsource 
1463587872: /sbin/ip6tables -A fpbxrfw -m recent --set --name DISCOVERED --rsource 
1463587872: /sbin/iptables -A fpbxrfw -m recent --set --name DISCOVERED --rsource 
1463587872: /sbin/iptables -N fpbxattacker
1463587872: /sbin/ip6tables -N fpbxattacker
1463587872: /sbin/ip6tables -A fpbxrfw -m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --rsource -j fpbxattacker
ip6tables: Invalid argument. Run `dmesg' for more information.
1463587872: /sbin/iptables -A fpbxrfw -m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --rsource -j fpbxattacker
iptables: Invalid argument. Run `dmesg' for more information.
1463587872: /sbin/ip6tables -A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 1 --name ATTACKER --rsource -j fpbxattacker
1463587872: /sbin/iptables -A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 1 --name ATTACKER --rsource -j fpbxattacker
1463587872: /sbin/iptables -N fpbxshortblock
1463587872: /sbin/ip6tables -N fpbxshortblock
1463587872: /sbin/ip6tables -A fpbxrfw -m recent --rcheck --seconds 60 --hitcount 10 --name SIGNALLING --rsource -j fpbxshortblock
1463587872: /sbin/iptables -A fpbxrfw -m recent --rcheck --seconds 60 --hitcount 10 --name SIGNALLING --rsource -j fpbxshortblock
1463587872: /sbin/ip6tables -A fpbxrfw -m recent --set --name SIGNALLING --rsource 
1463587872: /sbin/iptables -A fpbxrfw -m recent --set --name SIGNALLING --rsource 
1463587872: /sbin/ip6tables -A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 100 --name REPEAT --rsource -j fpbxattacker
ip6tables: Invalid argument. Run `dmesg' for more information.
1463587872: /sbin/iptables -A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 100 --name REPEAT --rsource -j fpbxattacker
iptables: Invalid argument. Run `dmesg' for more information.
1463587872: /sbin/ip6tables -A fpbxrfw -j ACCEPT
1463587872: /sbin/iptables -A fpbxrfw -j ACCEPT
1463587872: /sbin/ip6tables -A fpbxattacker -m recent --set --name ATTACKER --rsource 
1463587872: /sbin/iptables -A fpbxattacker -m recent --set --name ATTACKER --rsource 
1463587872: /sbin/ip6tables -A fpbxattacker -j LOG --log-prefix 'attacker: '
1463587872: /sbin/iptables -A fpbxattacker -j LOG --log-prefix 'attacker: '
1463587872: /sbin/ip6tables -A fpbxattacker -j DROP
1463587872: /sbin/iptables -A fpbxattacker -j DROP
1463587872: /sbin/ip6tables -A fpbxshortblock -m recent --set --name CLAMPED --rsource 
1463587872: /sbin/iptables -A fpbxshortblock -m recent --set --name CLAMPED --rsource 
1463587872: /sbin/ip6tables -A fpbxshortblock -j LOG --log-prefix 'clamped: '
1463587872: /sbin/iptables -A fpbxshortblock -j LOG --log-prefix 'clamped: '
1463587872: /sbin/ip6tables -A fpbxshortblock -j REJECT
1463587872: /sbin/iptables -A fpbxshortblock -j REJECT
1463587872: /sbin/ip6tables -A fpbxlogdrop -j REJECT
1463587872: /sbin/iptables -A fpbxlogdrop -j REJECT
1463587872: /sbin/iptables -N fpbxknownreg
1463587872: /sbin/ip6tables -N fpbxknownreg
1463587872: /sbin/ip6tables -A fpbxknownreg -m mark --mark 0x1/0x1 -j ACCEPT
1463587872: /sbin/iptables -A fpbxknownreg -m mark --mark 0x1/0x1 -j ACCEPT
1463587872: /sbin/iptables -N fpbxsvc-ucp
1463587872: /sbin/ip6tables -N fpbxsvc-ucp
1463587872: /sbin/ip6tables -A fpbxknownreg -j fpbxsvc-ucp
1463587872: /sbin/iptables -A fpbxknownreg -j fpbxsvc-ucp
1463587872: /sbin/iptables -N fpbxsvc-zulu
1463587872: /sbin/ip6tables -N fpbxsvc-zulu
1463587872: /sbin/ip6tables -A fpbxknownreg -j fpbxsvc-zulu
1463587872: /sbin/iptables -A fpbxknownreg -j fpbxsvc-zulu
1463587872: /sbin/ip6tables -A fpbxinterfaces -i eth0 -j zone-trusted
1463587872: /sbin/iptables -A fpbxinterfaces -i eth0 -j zone-trusted
1463587872: /sbin/iptables -A fpbxnets -s 109.98.255.68/32 -j zone-trusted
1463587872: /sbin/iptables -A fpbxnets -s 109.98.255.0/24 -j zone-trusted
1463587873: /sbin/iptables -N fpbxsvc-ssh
1463587873: /sbin/ip6tables -N fpbxsvc-ssh
1463587873: /sbin/ip6tables -F fpbxsvc-ssh
1463587873: /sbin/ip6tables -A fpbxsvc-ssh -p tcp -m tcp --dport 22 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-ssh
1463587873: /sbin/iptables -A fpbxsvc-ssh -p tcp -m tcp --dport 22 -j ACCEPT
1463587873: /sbin/iptables -N zone-external
1463587873: /sbin/ip6tables -N zone-external
1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-ssh
1463587873: /sbin/iptables -N zone-internal
1463587873: /sbin/ip6tables -N zone-internal
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-ssh
1463587873: /sbin/iptables -A zone-external -j fpbxsvc-ssh
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-ssh
1463587873: /sbin/iptables -N fpbxsvc-http
1463587873: /sbin/ip6tables -N fpbxsvc-http
1463587873: /sbin/ip6tables -F fpbxsvc-http
1463587873: /sbin/ip6tables -A fpbxsvc-http -p tcp -m tcp --dport 80 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-http
1463587873: /sbin/iptables -A fpbxsvc-http -p tcp -m tcp --dport 80 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-http
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-http
1463587873: /sbin/iptables -N fpbxsvc-https
1463587873: /sbin/ip6tables -N fpbxsvc-https
1463587873: /sbin/ip6tables -F fpbxsvc-https
1463587873: /sbin/ip6tables -A fpbxsvc-https -p tcp -m tcp --dport 443 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-https
1463587873: /sbin/iptables -A fpbxsvc-https -p tcp -m tcp --dport 443 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-https
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-https
1463587873: /sbin/iptables -A zone-external -j fpbxsvc-https
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-https
1463587873: /sbin/ip6tables -F fpbxsvc-ucp
1463587873: /sbin/ip6tables -A fpbxsvc-ucp -p tcp -m tcp --dport 81 -j ACCEPT
1463587873: /sbin/ip6tables -A fpbxsvc-ucp -p tcp -m tcp --dport 8001 -j ACCEPT
1463587873: /sbin/ip6tables -A fpbxsvc-ucp -p tcp -m tcp --dport 8003 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-ucp
1463587873: /sbin/iptables -A fpbxsvc-ucp -p tcp -m tcp --dport 81 -j ACCEPT
1463587873: /sbin/iptables -A fpbxsvc-ucp -p tcp -m tcp --dport 8001 -j ACCEPT
1463587873: /sbin/iptables -A fpbxsvc-ucp -p tcp -m tcp --dport 8003 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-ucp
1463587873: /sbin/iptables -N zone-other
1463587873: /sbin/ip6tables -N zone-other
1463587873: /sbin/ip6tables -A zone-other -j fpbxsvc-ucp
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-ucp
1463587873: /sbin/iptables -A zone-external -j fpbxsvc-ucp
1463587873: /sbin/iptables -A zone-other -j fpbxsvc-ucp
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-ucp
1463587873: /sbin/iptables -N fpbxsvc-pjsip
1463587873: /sbin/ip6tables -N fpbxsvc-pjsip
1463587873: /sbin/ip6tables -F fpbxsvc-pjsip
1463587873: /sbin/ip6tables -A fpbxsvc-pjsip -p udp -m udp --dport 5060 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-pjsip
1463587873: /sbin/iptables -A fpbxsvc-pjsip -p udp -m udp --dport 5060 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-pjsip
1463587873: /sbin/ip6tables -A zone-other -j fpbxsvc-pjsip
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-pjsip
1463587873: /sbin/iptables -A zone-external -j fpbxsvc-pjsip
1463587873: /sbin/iptables -A zone-other -j fpbxsvc-pjsip
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-pjsip
1463587873: /sbin/iptables -N fpbxsvc-chansip
1463587873: /sbin/ip6tables -N fpbxsvc-chansip
1463587873: /sbin/ip6tables -F fpbxsvc-chansip
1463587873: /sbin/ip6tables -A fpbxsvc-chansip -p udp -m udp --dport 5061 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-chansip
1463587873: /sbin/iptables -A fpbxsvc-chansip -p udp -m udp --dport 5061 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-chansip
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-chansip
1463587873: /sbin/iptables -N fpbxsvc-iax
1463587873: /sbin/ip6tables -N fpbxsvc-iax
1463587873: /sbin/ip6tables -F fpbxsvc-iax
1463587873: /sbin/ip6tables -A fpbxsvc-iax -p udp -m udp --dport 4569 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-iax
1463587873: /sbin/iptables -A fpbxsvc-iax -p udp -m udp --dport 4569 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-iax
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-iax
1463587873: /sbin/iptables -N fpbxsvc-webrtc
1463587873: /sbin/ip6tables -N fpbxsvc-webrtc
1463587873: /sbin/ip6tables -F fpbxsvc-webrtc
1463587873: /sbin/ip6tables -A fpbxsvc-webrtc -p tcp -m tcp --dport 8088 -j ACCEPT
1463587873: /sbin/ip6tables -A fpbxsvc-webrtc -p tcp -m tcp --dport 8089 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-webrtc
1463587873: /sbin/iptables -A fpbxsvc-webrtc -p tcp -m tcp --dport 8088 -j ACCEPT
1463587873: /sbin/iptables -A fpbxsvc-webrtc -p tcp -m tcp --dport 8089 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-webrtc
1463587873: /sbin/iptables -A zone-external -j fpbxsvc-webrtc
1463587873: /sbin/iptables -N fpbxsvc-isymphony
1463587873: /sbin/ip6tables -N fpbxsvc-isymphony
1463587873: /sbin/ip6tables -F fpbxsvc-isymphony
1463587873: /sbin/ip6tables -A fpbxsvc-isymphony -p tcp -m tcp --dport 58080 -j ACCEPT
1463587873: /sbin/ip6tables -A fpbxsvc-isymphony -p tcp -m tcp --dport 55050 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-isymphony
1463587873: /sbin/iptables -A fpbxsvc-isymphony -p tcp -m tcp --dport 58080 -j ACCEPT
1463587873: /sbin/iptables -A fpbxsvc-isymphony -p tcp -m tcp --dport 55050 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-isymphony
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-isymphony
1463587873: /sbin/iptables -A zone-external -j fpbxsvc-isymphony
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-isymphony
1463587873: /sbin/iptables -N fpbxsvc-provis
1463587873: /sbin/ip6tables -N fpbxsvc-provis
1463587873: /sbin/ip6tables -F fpbxsvc-provis
1463587873: /sbin/ip6tables -A fpbxsvc-provis -p tcp -m tcp --dport 83 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-provis
1463587873: /sbin/iptables -A fpbxsvc-provis -p tcp -m tcp --dport 83 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-other -j fpbxsvc-provis
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-provis
1463587873: /sbin/iptables -A zone-other -j fpbxsvc-provis
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-provis
1463587873: /sbin/iptables -N fpbxsvc-vpn
1463587873: /sbin/ip6tables -N fpbxsvc-vpn
1463587873: /sbin/ip6tables -F fpbxsvc-vpn
1463587873: /sbin/ip6tables -A fpbxsvc-vpn -p udp -m udp --dport 1194 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-vpn
1463587873: /sbin/iptables -A fpbxsvc-vpn -p udp -m udp --dport 1194 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-vpn
1463587873: /sbin/ip6tables -A zone-other -j fpbxsvc-vpn
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-vpn
1463587873: /sbin/iptables -A zone-external -j fpbxsvc-vpn
1463587873: /sbin/iptables -A zone-other -j fpbxsvc-vpn
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-vpn
1463587873: /sbin/iptables -N fpbxsvc-restapps
1463587873: /sbin/ip6tables -N fpbxsvc-restapps
1463587873: /sbin/ip6tables -F fpbxsvc-restapps
1463587873: /sbin/ip6tables -A fpbxsvc-restapps -p tcp -m tcp --dport 84 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-restapps
1463587873: /sbin/iptables -A fpbxsvc-restapps -p tcp -m tcp --dport 84 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-restapps
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-restapps
1463587873: /sbin/iptables -N fpbxsvc-xmpp
1463587873: /sbin/ip6tables -N fpbxsvc-xmpp
1463587873: /sbin/ip6tables -F fpbxsvc-xmpp
1463587873: /sbin/ip6tables -A fpbxsvc-xmpp -p tcp -m tcp --dport 5222 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-xmpp
1463587873: /sbin/iptables -A fpbxsvc-xmpp -p tcp -m tcp --dport 5222 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-xmpp
1463587873: /sbin/ip6tables -A zone-other -j fpbxsvc-xmpp
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-xmpp
1463587873: /sbin/iptables -A zone-external -j fpbxsvc-xmpp
1463587873: /sbin/iptables -A zone-other -j fpbxsvc-xmpp
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-xmpp
1463587873: /sbin/iptables -N fpbxsvc-ftp
1463587873: /sbin/ip6tables -N fpbxsvc-ftp
1463587873: /sbin/ip6tables -F fpbxsvc-ftp
1463587873: /sbin/ip6tables -A fpbxsvc-ftp -p tcp -m tcp --dport 21 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-ftp
1463587873: /sbin/iptables -A fpbxsvc-ftp -p tcp -m tcp --dport 21 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-ftp
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-ftp
1463587873: /sbin/iptables -N fpbxsvc-tftp
1463587873: /sbin/ip6tables -N fpbxsvc-tftp
1463587873: /sbin/ip6tables -F fpbxsvc-tftp
1463587873: /sbin/ip6tables -A fpbxsvc-tftp -p udp -m udp --dport 69 -j ACCEPT
1463587873: /sbin/iptables -F fpbxsvc-tftp
1463587873: /sbin/iptables -A fpbxsvc-tftp -p udp -m udp --dport 69 -j ACCEPT
1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-tftp
1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-tftp
1463587873: /sbin/iptables -N fpbxsvc-nfs
1463587873: /sbin/ip6tables -N fpbxsvc-nfs
1463587873: /sbin/iptables -N rejsvc-nfs
1463587873: /sbin/ip6tables -N rejsvc-nfs
1463587873: /sbin/ip6tables -A fpbxreject -j rejsvc-nfs
1463587873: /sbin/iptables -A fpbxreject -j rejsvc-nfs
1463587873: /sbin/iptables -N fpbxsvc-smb
1463587873: /sbin/ip6tables -N fpbxsvc-smb
1463587873: /sbin/iptables -N rejsvc-smb
1463587873: /sbin/ip6tables -N rejsvc-smb
1463587873: /sbin/ip6tables -A fpbxreject -j rejsvc-smb
1463587873: /sbin/iptables -A fpbxreject -j rejsvc-smb
1463587873: /sbin/ip6tables -A fpbx-rtp -p udp -m udp --dport 10000:20000 -j ACCEPT
1463587873: /sbin/ip6tables -A fpbx-rtp -p udp -m udp --dport 4000:4999 -j ACCEPT
1463587873: /sbin/iptables -A fpbx-rtp -p udp -m udp --dport 10000:20000 -j ACCEPT
1463587873: /sbin/iptables -A fpbx-rtp -p udp -m udp --dport 4000:4999 -j ACCEPT
1463587873: /sbin/iptables -A fpbxsignalling -p udp -m udp --dport 5061 -j MARK --set-xmark 0x1/0xffffffff
1463587873: /sbin/iptables -A fpbxsignalling -p udp -m udp --dport 5060 -j MARK --set-xmark 0x1/0xffffffff
1463587873: /sbin/ip6tables -A fpbxhosts -s ::1/128 -j zone-trusted
1463587873: /sbin/iptables -A fpbxhosts -s 127.0.0.1/32 -j zone-trusted
rfw rule 2 not valid (Is '-m recent --rcheck --seconds 86400 --hitcount 1 --name ATTACKER --rsource -j fpbxattacker', should start with '-m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --rsource')
THIS MAY BE A KERNEL ISSUE. IF THIS KEEPS OCCURRING REBOOT YOUR MACHINE URGENTLY.
1463587908: Wall: 'Firewall Rules corrupted! Restarting in 5 seconds
More information available in /tmp/firewall.log
' returned 0
ERROR  Unable to contact server. Is it running?
PHP Warning:  date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /var/www/html/admin/modules/sysadmin/hooks/fail2ban-generate on line 76
ERROR  Unable to contact server. Is it running?
        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller
          last edited by

          I should note that eth0 was not set to trusted in the interface. It was set to external.

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller
            last edited by

            Module version was 13.0.28. Looks like a number of people reporting this error with 13.0.26 from two weeks ago.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller
              last edited by

              http://community.freepbx.org/t/firewall-v13-0-26-reporting-firewall-rules-corrupted/34765

              JaredBuschJ 1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch
                last edited by

                @scottalanmiller said in Sangoma Responsive Firewall Error on FreePBX:

                I should note that eth0 was not set to trusted in the interface. It was set to external.

                Interesting that your setting seems not applied. If there are reports of errors, I would roll it back.

                I had a weird error on reboot at one point over the weekend, but everything was good after that.

                The FreePBX GUI makes it easy to roll back a module at least.

                Click check online in module admin and then you can see the "Previous" option in the module info that will show you the rollback buttons.

                0_1463589527104_upload-6b3d97e4-fb30-4441-a57e-75e2dfc8ddf0

                1 Reply Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @scottalanmiller
                  last edited by

                  @scottalanmiller official issue tracker report: http://issues.freepbx.org/browse/FREEPBX-12342

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller
                    last edited by

                    New install, no rollbacks.

                    0_1463590043268_Screenshot from 2016-05-18 19:47:11.png

                    JaredBuschJ 2 Replies Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch @scottalanmiller
                      last edited by

                      @scottalanmiller said in Sangoma Responsive Firewall Error on FreePBX:

                      New install, no rollbacks.

                      0_1463590043268_Screenshot from 2016-05-18 19:47:11.png

                      You can still roll it back to a prior version.

                      1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch @scottalanmiller
                        last edited by

                        @scottalanmiller You did not click the "Check Online" button first. Once you do, you will have the option as stated previously.

                        scottalanmillerS 1 Reply Last reply Reply Quote 1
                        • scottalanmillerS
                          scottalanmiller @JaredBusch
                          last edited by

                          @JaredBusch said in Sangoma Responsive Firewall Error on FreePBX:

                          @scottalanmiller official issue tracker report: http://issues.freepbx.org/browse/FREEPBX-12342

                          LOL, got reported as I was discovering it 🙂

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @JaredBusch
                            last edited by

                            @JaredBusch said in Sangoma Responsive Firewall Error on FreePBX:

                            @scottalanmiller You did not click the "Check Online" button first. Once you do, you will have the option as stated previously.

                            I did that, actually. Let me try again.

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller
                              last edited by

                              That worked (the rollback)... testing 3.0.27.1

                              1 Reply Last reply Reply Quote 1
                              • scottalanmillerS
                                scottalanmiller
                                last edited by

                                Looks like that one is working, thanks.

                                1 Reply Last reply Reply Quote 1
                                • 1 / 1
                                • First post
                                  Last post