Exception Error - Firewall

Get this error when in Firewall and select Zones:

Exception
/var/www/html/admin/modules/firewall/drivers/Iptables.class.php:1027

Also same error when open Dashboard

D Rubie

Please post the full error. It says more than just exception.

Exception thrown with message “/tmp/iptables.out wasn’t created”

Stacktrace:
#8 Exception in /var/www/html/admin/modules/firewall/drivers/Iptables.class.php:1027
#7 FreePBX\modules\Firewall\Drivers\Iptables:getCurrentIptables in /var/www/html/admin/modules/firewall/drivers/Iptables.class.php:29
#6 FreePBX\modules\Firewall\Drivers\Iptables:getZonesDetails in /var/www/html/admin/modules/firewall/Firewall.class.php:652
#5 FreePBX\modules\Firewall:getSystemZones in /var/www/html/admin/modules/firewall/Firewall.class.php:618
#4 FreePBX\modules\Firewall:getZone in /var/www/html/admin/modules/firewall/views/page.zones.php:72
#3 include in /var/www/html/admin/libraries/view.functions.php:205
#2 load_view in /var/www/html/admin/modules/firewall/Firewall.class.php:263
#1 FreePBX\modules\Firewall:showPage in /var/www/html/admin/modules/firewall/page.firewall.php:26
#0 include in /var/www/html/admin/config.php:555

Is this on the distro?

yes…it was working before and just started to give this error…

the server is hosted on freepbxhosting. I did the upgrade from version 12 to 13 in November last year.

Not sure what happened to produce this error

I’m also still getting this on the distro. Did an upgrade at around the same time, but I’ve been getting it consistently since then. Mostly been hobbying with it until now, but I’d like to start using it more seriously now, particularly to set up a separate VoIP line for my business calls.

Let me know if I can add any detail to help you resolve this.

I’m running on a (pretty low spec) VM at the moment.

Have you tried

su asterisk
touch /tmp/file

Does it work?

That works fine, but I have had other problems with the /tmp/ directory, updating Core usually results in a SQL error which I generally resolve by making the /tmp/ directory writable to everyone.

HUH? Why would your tmp directory not be writable by everyone?

The file mode should be (at least) RWS-RWX-RWX. The same with /var/tmp and /usr/tmp (if you have them).

That’s my general question. I think it’s the asterisk startup process that seems to change the permissions, but only since the upgrade.

I even added an exception in freepbx_chown.conf but it still never sticks. After a restart or updating core it will be back to only writeable by the asterisk user.

It doesn’t stick because freepbx does not set permissions on that directory

If that directory’s permissions change again, start looking for malware.

How would I start that? I’m still a relative noob when it comes to systems administration! :grin:

Sorry, when I was trying to work out that issue it looked like these were used during asterisk startup, so I assumed that would work. At least that explains why it doesn’t! :slight_smile:

Checking installation for hackers is a good article from NerdVittles to check the health of your system. A good read even if your machine hasn’t been compromised.


Thanks for the tip, I’ll have a thorough read of that one later!

That still leaves the issue with the firewall.

Below is the dump I get if I click on Zones. Let me know if you need anything else to help me work this one out!

Exception
=========
/tmp/iptables.out wasn't created

/var/www/html/admin/modules/firewall/drivers/Iptables.class.php: (1025 onwards)
				// Not root, need to run a hook.
				@unlink("/tmp/iptables.out");
				\FreePBX::Firewall()->runHook("getiptables");
				// Wait for up to 5 seconds for the output.
				$crashafter = time() + 5;
				while (!file_exists("/tmp/iptables.out")) {
					if ($crashafter > time()) {
						throw new \Exception("/tmp/iptables.out wasn't created");
					}
					usleep(200000);

Server/Request Data
===================

HTACCESS	on
HTTP_HOST	sip.*****.***:##
HTTP_CONNECTION	keep-alive
HTTP_ACCEPT	text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
HTTP_UPGRADE_INSECURE_REQUESTS	1
HTTP_USER_AGENT	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36
HTTP_REFERER	http://sip.*****.***:##/admin/config.php?display=firewall
HTTP_ACCEPT_ENCODING	gzip, deflate, sdch
HTTP_ACCEPT_LANGUAGE	en-GB,en-US;q=0.8,en;q=0.6
HTTP_COOKIE	lang=en_US; searchHide=1; PHPSESSID=eknpjqd0midtv97f5jve1n1l23; __utma=221444122.1160446600.1461235088.1461250681.1461255590.4; __utmc=221444122; __utmz=221444122.1461235088.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
PATH	/sbin:/usr/sbin:/bin:/usr/bin
SERVER_SIGNATURE	<address>Apache/2.2.15 (CentOS) Server at sip.*****.*** Port ##</address>
SERVER_SOFTWARE	Apache/2.2.15 (CentOS)
SERVER_NAME	sip.*****.***
SERVER_ADDR	192.168.1.#
SERVER_PORT	##
REMOTE_ADDR	[redacted]
DOCUMENT_ROOT	/var/www/html
SERVER_ADMIN	root@localhost
SCRIPT_FILENAME	/var/www/html/admin/config.php
REMOTE_PORT	52730
GATEWAY_INTERFACE	CGI/1.1
SERVER_PROTOCOL	HTTP/1.1
REQUEST_METHOD	GET
QUERY_STRING	display=firewall&page=zones
REQUEST_URI	/admin/config.php?display=firewall&page=zones
SCRIPT_NAME	/admin/config.php
PHP_SELF	/admin/config.php
REQUEST_TIME	1461308015

GET Data
========

display	firewall
page	zones

POST Data
=========

empty

Files
=====

empty

Cookies
=======

lang	en_US
searchHide	1
PHPSESSID	eknpjqd0midtv97f5jve1n1l23
__utma	221444122.1160446600.1461235088.1461250681.1461255590.4
__utmc	221444122
__utmz	221444122.1461235088.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Session
=======

langdirection	ltr
module_name	firewall
module_page	firewall
AMP_user	ampuser Object ( [redacted] )

Environment Variables
=====================

empty

Registered Handlers
===================

0. Whoops\Handler\PrettyPageHandler
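
The wait loop excerpted in the dump above, ported to shell as an added example (not FreePBX code and not from any poster). As excerpted, `$crashafter > time()` is already true on the first pass, so the exception fires at once unless the hook output exists the moment the hook is triggered; the names `wait_for_file` and `demo` and the one-second background job are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: shell port of the wait loop in the dump, not FreePBX code.

# wait_for_file PATH TIMEOUT_SECONDS [inverted]
# Returns 0 once PATH exists, 1 if the wait is abandoned.
wait_for_file() {
    target=$1
    deadline=$(( $(date +%s) + $2 ))
    while [ ! -e "$target" ]; do
        now=$(date +%s)
        if [ "${3:-}" = inverted ]; then
            # Test as excerpted: deadline > now holds on the first pass,
            # so the wait is abandoned before any sleep happens.
            if [ "$deadline" -gt "$now" ]; then return 1; fi
        else
            # Give up only once the deadline has been reached.
            if [ "$now" -ge "$deadline" ]; then return 1; fi
        fi
        sleep 1
    done
    return 0
}

# Constructed demo: a background job stands in for the root hook and
# writes its output one second after being triggered.
demo() {
    work=$(mktemp -d)
    for variant in inverted fixed; do
        rm -f "$work/hook.out"
        ( sleep 1; : > "$work/hook.out" ) &
        if wait_for_file "$work/hook.out" 5 "$variant"; then
            echo "$variant: output seen"
        else
            echo "$variant: gave up"
        fi
        wait
    done
    rm -rf "$work"
}

demo
```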

Your /tmp directory permissions can be set using “chown 777 root /tmp”. This isn’t as secure as some other settings (since it allows anyone with access to delete stuff from /tmp) but it should get you past this error.

There is definitely something strange going on here. The /tmp directory should be readable and writable by everyone.
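
A check for the temp-directory permissions discussed in this thread, as an added example that is not from any poster or from FreePBX. It assumes GNU `stat` (as on CentOS) and treats mode 1777 with root ownership as the expected state: world-writable with the sticky bit, so that only a file's owner (or root) can delete or rename it. The function name `check_tmp_dir` and its return codes are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (stat -c), as on CentOS.
# A shared temp directory should be mode 1777 (drwxrwxrwt) and owned by root.

# check_tmp_dir DIR [OWNER_UID]
# Prints one finding; returns 0 ok, 1 no sticky bit, 2 other mode,
# 3 wrong owner, 4 missing.
check_tmp_dir() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "SKIP  $dir: not present"
        return 4
    fi
    mode=$(stat -L -c '%a' "$dir")   # octal mode, e.g. 1777
    uid=$(stat -L -c '%u' "$dir")    # numeric owner
    case $mode in
        1777) ;;
        777)
            echo "WARN  $dir: mode 0777, world-writable without the sticky bit;" \
                 "any user can delete or rename other users' files"
            return 1 ;;
        *)
            echo "WARN  $dir: mode $mode, expected 1777"
            return 2 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "WARN  $dir: owned by uid $uid, expected $want_uid"
        return 3
    fi
    echo "OK    $dir: mode 1777, uid $uid"
    return 0
}

# Audit the directories named in the thread; /usr/tmp is often absent or a symlink.
for d in /tmp /var/tmp /usr/tmp; do
    check_tmp_dir "$d" || true
done
```

Run from cron with any WARN line raised as an alert, this records when the mode drifts again after a restart or a module update.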

Tried that but I still can’t view the zones in the FreePBX administration site.

Same issue here. Running on 10.13.66-9. An auto update is set for tomorrow at midnight to bring it to 10.13.66-11; hopefully this corrects the issue. If not I may have to remove and reinstall the firewall module.

I’m having the same exact issue. I’m using the distro and I’m currently running at 10.13.66-11. I’ve had to turn off the firewall at the command line using fwconsole firewall stop.

I also cannot view the Fail2Ban page. I get the following:
Exception thrown with message “Could not get banned list”

Stacktrace:
#5 Exception in /var/www/html/admin/modules/sysadmin/Sysadmin.class.php:1476
#4 FreePBX\modules\Sysadmin:getFail2BanList in /var/www/html/admin/modules/sysadmin/functions.inc/intrusion.php:58
#3 sysadmin_get_banned in /var/www/html/admin/modules/sysadmin/page.sysadmin.php:398
#2 include in /var/www/html/admin/libraries/BMO/GuiHooks.class.php:157
#1 FreePBX\GuiHooks:getOutput in /var/www/html/admin/libraries/BMO/GuiHooks.class.php:127
#0 FreePBX\GuiHooks:doIntercept in /var/www/html/admin/config.php:559