Blocked out of FreeBPX (hosted at vultr) several times

Hello there

First of all I am new here and would like to welcome and greeting you all.

Well I just started with FreePBX just few weeks ago hoping to learn more about VOIP in general and how does FreePBX work. Currently I’m experimenting now with FreePBX installed in my Lab and another hosted on vultr. I even manged to create 2 extensions and registered my matrix sparsh v110 phone and my laptop (with softphone microship installed).

I have a very hard time with my FreePBX getting blocked several times. At first I destroyed my freePBX instance and deployed another, and got blocked out again and removed it. Now this my third freePBX deployed and I did not to remove it. I got some tips to unlock me from one website.
Also my wan ip is not truly static but has not changed for more than a year now.
I executed all the commands below

fwconsole firewall trust xxx.xxx.xxx.xxx
fwconsole firewall stop
fwconsole firewall start
fail2ban-client set pbx-gui unbanip xxx.xxx.xxx.xxx
fail2ban-client set ssh-iptables unbanip xxx.xxx.xxx.xxx
fail2ban-client set asterisk-iptables unbanip xxx.xxx.xxx.xxx
fail2ban-client set recidive unbanip xxx.xxx.xxx.xxx

After few minutes I was able to get back to FreePBX. My question is this issue related with vultr or FreePBX ? If this FreeBPX issue how can I fix so I don’t have to get blocked again.

https://wiki.freepbx.org/display/fpg/firewall+getting+started+guide

During the initial Firewall configuration my WAP IP : 182.255.29.19 was added to the trusted zone. Why would I repeated getting blocked. ?

Now I’m blocked again.

Also add this IP address to Connectivity → Firewall → Intrusion Detection → Whitelist.

I did whitelist my wan ip:182.255.29.19 as well during the initial setup.

Do you think maybe I need to setup my dynamic dns account with dynDNS (my preffered choice) as some folks in other forums suggested. Then put my FQDN in both the trusted zone and whitelist

First use

iptables -L -n | less

to see which ‘chain’ is blocking you.

I’ve run the command but I cannot seem to make sense of the output (see below)

Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-recidive all – 0.0.0.0/0 0.0.0.0/0
fail2ban-zulu tcp – 0.0.0.0/0 0.0.0.0/0
fail2ban-api tcp – 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
fail2ban-BadBots tcp – 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
fail2ban-FTP tcp – 0.0.0.0/0 0.0.0.0/0 multiport dports 21
fail2ban-apache-auth all – 0.0.0.0/0 0.0.0.0/0
fail2ban-SSH tcp – 0.0.0.0/0 0.0.0.0/0 multiport dports 22
fail2ban-PBX-GUI all – 0.0.0.0/0 0.0.0.0/0
fail2ban-SIP all – 0.0.0.0/0 0.0.0.0/0
fpbxfirewall all – 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-BadBots (1 references)
target prot opt source destination
RETURN all – 0.0.0.0/0 0.0.0.0/0

…
…

Chain fpbx-rtp (1 references)
target prot opt source destination
ACCEPT udp – 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:20000
ACCEPT udp – 0.0.0.0/0 0.0.0.0/0 udp dpts:4000:4999

Chain fpbxattacker (6 references)
target prot opt source destination
all – 0.0.0.0/0 0.0.0.0/0 recent: SET name: ATTACKER side: source mask: 255.255.255.255
DROP all – 0.0.0.0/0 0.0.0.0/0

Chain fpbxblacklist (1 references)
target prot opt source destination

Chain fpbxchecktempwhitelist (1 references)
target prot opt source destination
fpbxtempwhitelist all – 0.0.0.0/0 0.0.0.0/0 ! recent: CHECK name: REPEAT side: source mask: 255.255.255.255

Chain fpbxfirewall (1 references)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp – 0.0.0.0/0 0.0.0.0/0 connmark match ! 0x20 state RELATED,ESTABLISHED
ACCEPT icmp – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 255.255.255.255
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
ACCEPT udp – 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
fpbx-rtp all – 0.0.0.0/0 0.0.0.0/0
fpbxblacklist all – 0.0.0.0/0 0.0.0.0/0
fpbxsignalling all – 0.0.0.0/0 0.0.0.0/0
fpbxsmarthosts all – 0.0.0.0/0 0.0.0.0/0
fpbxregistrations all – 0.0.0.0/0 0.0.0.0/0

fpbxnets all – 0.0.0.0/0 0.0.0.0/0
fpbxhosts all – 0.0.0.0/0 0.0.0.0/0
fpbxinterfaces all – 0.0.0.0/0 0.0.0.0/0
fpbxreject all – 0.0.0.0/0 0.0.0.0/0
fpbxrfw all – 0.0.0.0/0 0.0.0.0/0 mark match 0x2/0x2
ACCEPT udp – 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
lefilter tcp – 0.0.0.0/0 0.0.0.0/0 match-set lefilter dst
fpbxlogdrop all – 0.0.0.0/0 0.0.0.0/0

Chain fpbxhosts (1 references)
target prot opt source destination
zone-trusted all – 127.0.0.1 0.0.0.0/0

Chain fpbxinterfaces (1 references)
target prot opt source destination
zone-external all – 0.0.0.0/0 0.0.0.0/0

Chain fpbxknownreg (0 references)
target prot opt source destination
all – 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: REPEAT side: source mask: 255.255.255.255
all – 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: ATTACKER side: source mask: 255.255.255.255
all – 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: TEMPWHITELIST side: source mask: 255.255.255.255
all – 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: WHITELIST side: source mask: 255.255.255.255
MARK all – 0.0.0.0/0 0.0.0.0/0 MARK or 0x4
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 mark match 0x1/0x1
fpbxsvc-ucp all – 0.0.0.0/0 0.0.0.0/0
fpbxsvc-zulu all – 0.0.0.0/0 0.0.0.0/0
fpbxsvc-restapps all – 0.0.0.0/0 0.0.0.0/0
fpbxsvc-restapps_ssl all – 0.0.0.0/0 0.0.0.0/0
fpbxsvc-provis all – 0.0.0.0/0 0.0.0.0/0
fpbxsvc-provis_ssl all – 0.0.0.0/0 0.0.0.0/0
fpbxsvc-api all – 0.0.0.0/0 0.0.0.0/0
fpbxsvc-api_ssl all – 0.0.0.0/0 0.0.0.0/0

Chain fpbxlogdrop (1 references)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0

Chain fpbxnets (1 references)
target prot opt source destination
zone-trusted all – 182.255.29.19 0.0.0.0/0
zone-trusted all – 202.58.251.26 0.0.0.0/0

Hello there

Just to let you know that my problem has been solved and I’m not sure how it ended up not being blocked again. It has been several days now since the last blocked. I guess the Responsive Firewall was smart enough to figure my ip address was legitimate maybe.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.