Any issues with firewall module v16.0.57.3?

Trusted list problems.

All of my trusted list addresses are not getting added to the Iptables Trusted list. Only some of them are there and rest are missing even though they are configured in Freepbx Firewall menu.

fwconsole firewall trust x.x.x.x works but the next time I go and make changes in the firewall menu and save it in freepbx, my previous configuration done via CLI is gone.

Downgrading the firewall module to 16.0.57.1 resolved the issue.

Thanks.

2 Likes

Same issue here. Automatic updates were disabled to prevent firewall from upgrading.

have you filed a ticket: https://issues.freepbx.org

I haven’t created a ticket. Estefania, have you?

Hi @dsubs, a ticket was created by our FreePBX hosting provider on our behalf, but I am waiting for them to give me access to the ticket so I can see the outcome.

Hi @dsubs @erivas

Tested locally and we are unable to reproduce the issue and Im not seeing any Jira related to the issue mentioned above.

Can you please create a jira and update the module list and steps to reproduce the issue.

Thank you.

1 Like

Do you have Sangoma connect installed on your test environment? I observed this after I installed sangoma connect and a bunch of sangoma push notification servers got added to the trusted list. I don’t think you would reproduce it if you have only few networks in trusted list.

After the sangoma connect push servers were added, any other networks that I was adding were not showing up in Iptables. I think I have about 25 in that list. So, you could test with a higher number of networks or ip addresses in the trusted list. And every time I saved the firewall trusted list, the IPtables in linux CLI would be different as it would randomly show only some of the above 25 addresses.

I hope this helps.

Hi @dsubs

I have installed Sangoma connect module and I have total 28 IP’s in my trusted list and all 28 IP’s are showing fine if I run “iptables -L fpbxnets” from the CLI.

Also can you please check are you seeing any error in “/var/log/asterisk/firewall.log”

Thank you

@psandesh

This issue has also occurred with 15.0.42. We think it could have something to do with the changes made for FREEPBX-23571 just purely based on the timing.

I did not notice any errors in firewall.log on the small handful of customer systems where this issue occurred, just several networks that appeared in the GUI and fwconsole firewall list trusted did not make their way into the “fpbxnets” chain in iptables somehow.

We have held back this update on production servers, but we have multiple test / demo servers we can use to try and reproduce it if necessary.

I am not sure it is tied to the number of trusted networks, or Sangoma Connect. The last customer that experienced it had only 23 trusted networks, and doesn’t even have Sangoma Connect module installed.

We opened a support ticket (PM me for details) if you’d like to reach out to us via the ticket. We should be able to reproduce it and give you guys access to a system that exhibits the problem. I believe we may already be working on that.

Thank you,

Nate / CyberLynk

I am having the same or similar issue with firewall v 15.0.42. I have a total of 22 Local Networks on my Firewall, but iptables freepbx lists only 11 of them, the last 11 networks that were added. But, if I restart the server (haven’t just restarted the firewall yet) all networks are properly added, so I don’t know at what point are my networks removed. I have replicated this issue over different deployments.

We continue to assist customers experiencing this issue with firewall modules v 15.0.42 and 16.0.57.3 - trusted networks listed correctly in the GUI’s Connectivity>Firewall>Networks list are not being written out to iptables.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.