Different weird problem using the integrated firewall

Using FreePBX-13, latest versions, up-to-date everything.

First, good work.

Now, on to the thing that makes that sound hollow.

Last night, while troubleshooting a system, the Firewall module popped up and said something about the Ethernet port configuration was wrong and they were in the wrong zone. I looked at it, and sure enough, the Firewall module said “eth0” was the interior address and was in the “default” zone (basically, wide open). I wasn’t really paying a lot of attention, so I clicked “Internal” and clicked the check mark.

It wasn’t until I clicked that that I realized that eth0 is the EXTERNAL interface. Somehow, the Firewall module freaked out and locked the system up.

It was late, so I put in a call to the floor supervisor to let her know there might be a problem. She power-cycled the server and when it rebooted, everything was back to normal: eth0 was my external interface and the internal interface was eth1.

It isn’t the first time I’ve had an issue with the firewall module. On another server, I had all kinds of problems getting incoming calls to work. I had accidentally included a “blank”/“null” entry in the list of whitelisted addresses (the VOIP provider uses host authentication). I finally “SQLyog”ed my way into the database and deleted the blank entry.

After that, one of the two addresses for the VOIP provider came up. The two trunks are set up exactly the same (same options, etc.) yet one will authenticate and one won’t. The traffic appears to be getting blocked in the firewall.

Finally, the “adaptive connection” feature appears to be wicked cool and I really like it - the problem with it is that it never reports any activity. I know there are several cockshuckers out there trying to steal phone service from the system and when I look in the jail files, I see them. The management panel doesn’t see them.

I’ve managed to beat the system into submission on all of these, so I don’t actually NEED anything, but I thought the community might like to know that the firewall module may not be completely ready for prime-time.