Exception Error - Firewall

Get this error when in Firewall and select Zones:

Exception
/­var/­www/­html/­admin/­modules/­firewall/­drivers/­Iptables.class.php1027

Also same error when open Dashboard

D Rubie

Please post the full error. It says more than just exception.

Exception thrown with message “/tmp/iptables.out wasn’t created”

Stacktrace:
#8 Exception in /var/www/html/admin/modules/firewall/drivers/Iptables.class.php:1027
#7 FreePBX\modules\Firewall\Drivers\Iptables:getCurrentIptables in /var/www/html/admin/modules/firewall/drivers/Iptables.class.php:29
#6 FreePBX\modules\Firewall\Drivers\Iptables:getZonesDetails in /var/www/html/admin/modules/firewall/Firewall.class.php:652
#5 FreePBX\modules\Firewall:getSystemZones in /var/www/html/admin/modules/firewall/Firewall.class.php:618
#4 FreePBX\modules\Firewall:getZone in /var/www/html/admin/modules/firewall/views/page.zones.php:72
#3 include in /var/www/html/admin/libraries/view.functions.php:205
#2 load_view in /var/www/html/admin/modules/firewall/Firewall.class.php:263
#1 FreePBX\modules\Firewall:showPage in /var/www/html/admin/modules/firewall/page.firewall.php:26
#0 include in /var/www/html/admin/config.php:555

Is this on the distro?

yes…it was working before and just started to give this error…

the server is hosted on freepbxhosting. I did the upgrade from version 12 to 13 in November last year.

Not sure what happened to produce this error

I’m also still getting this on the distro. Did an upgrade at around the same time, but I’ve been getting it consistently since then. Mostly been hobbying with it until now, but I’d like to start using it more seriously now, particularly to set up a separate VoIP line for my business calls.

Let me know if I can add any detail to help you resolve this.

I’m running on a (pretty low spec) VM at the moment.

Have you tried

su asterisk
touch /tmp/file

Does it work?

That works fine, but I have had other problems with the /tmp/ directory, updating Core usually results in a SQL error which I generally resolve by making the /tmp/ directory writable to everyone.

HUH? Why would your tmp directory not be writable by everyone?

The file mode should be (at least) RWS-RWX-RWX. The same with /var/tmp and /usr/tmp (if you have them).

That’s my general question. I think it’s the asterisk startup process that seems to change the permissions, but only since the upgrade.

I even added an exception in freepbx_chown.conf but it still never sticks. After after a restart or updating core it will be back to only writeable by the asterisk user.

It doesn’t stick because freepbx does not set permissions on that directory

If that directory’s permissions change again, start looking for malware.

How would I start that? I’m still a relative noob when it comes to systems administration! :grin:

Sorry, when I was trying to work out that issue it looked like these were used during asterisk startup, so I assumed that would work. At least that explains why it doesn’t! :slight_smile:

Checking installation for hackers is a good article from NerdVittles to check the health of your system. A good read even if your machine hasn’t been compromised.

1 Like

Thanks for the tip, I’ll have a thorough read of that one later!

That still leaves the issue with the firewall.

Below is the dump I get if I click on Zones. Let me know if you need anything else to help me work this one out!

Exception
=========
/tmp/iptables.out wasn't created

/var/www/html/admin/modules/firewall/drivers/Iptables.class.php: (1025 onwards)
				// Not root, need to run a hook.
				@unlink("/tmp/iptables.out");
				\FreePBX::Firewall()->runHook("getiptables");
				// Wait for up to 5 seconds for the output.
				$crashafter = time() + 5;
				while (!file_exists("/tmp/iptables.out")) {
					if ($crashafter > time()) {
						throw new \Exception("/tmp/iptables.out wasn't created");
					}
					usleep(200000);

Server/Request Data
===================

HTACCESS	on
HTTP_HOST	sip.*****.***:##
HTTP_CONNECTION	keep-alive
HTTP_ACCEPT	text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
HTTP_UPGRADE_INSECURE_REQUESTS	1
HTTP_USER_AGENT	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36
HTTP_REFERER	http://sip.*****.***:##/admin/config.php?display=firewall
HTTP_ACCEPT_ENCODING	gzip, deflate, sdch
HTTP_ACCEPT_LANGUAGE	en-GB,en-US;q=0.8,en;q=0.6
HTTP_COOKIE	lang=en_US; searchHide=1; PHPSESSID=eknpjqd0midtv97f5jve1n1l23; __utma=221444122.1160446600.1461235088.1461250681.1461255590.4; __utmc=221444122; __utmz=221444122.1461235088.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
PATH	/sbin:/usr/sbin:/bin:/usr/bin
SERVER_SIGNATURE	<address>Apache/2.2.15 (CentOS) Server at sip.*****.*** Port ##</address>
SERVER_SOFTWARE	Apache/2.2.15 (CentOS)
SERVER_NAME	sip.*****.***
SERVER_ADDR	192.168.1.#
SERVER_PORT	##
REMOTE_ADDR	[redacted]
DOCUMENT_ROOT	/var/www/html
SERVER_ADMIN	[email protected]
SCRIPT_FILENAME	/var/www/html/admin/config.php
REMOTE_PORT	52730
GATEWAY_INTERFACE	CGI/1.1
SERVER_PROTOCOL	HTTP/1.1
REQUEST_METHOD	GET
QUERY_STRING	display=firewall&page=zones
REQUEST_URI	/admin/config.php?display=firewall&page=zones
SCRIPT_NAME	/admin/config.php
PHP_SELF	/admin/config.php
REQUEST_TIME	1461308015

GET Data
========

display	firewall
page	zones

POST Data
=========

empty

Files
=====

empty

Cookies
=======

lang	en_US
searchHide	1
PHPSESSID	eknpjqd0midtv97f5jve1n1l23
__utma	221444122.1160446600.1461235088.1461250681.1461255590.4
__utmc	221444122
__utmz	221444122.1461235088.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Session
=======

langdirection	ltr
module_name	firewall
module_page	firewall
AMP_user	ampuser Object ( [redacted] )

Environment Variables
=====================

empty

Registered Handlers
===================

0. Whoops\Handler\PrettyPageHandler

Your /tmp directory permissions can be set using “chown 777 root /tmp”. This isn’t as secure as some other settings (since it allows anyone with access to delete stuff from /tmp) but it should get you past this error.

There is definitely something strange going on here. The /tmp directory should be readable and writable by everyone.

Tried that but I still can’t view the zones in the FreePBX administration site.

Same issue here. Running on 10.13.66-9. An auto update is set for tomorrow at midnight to bring it to 10.13.66-11; hopefully this corrects the issue. If not I may have to remove and reinstall the firewall module.

I’m having the same exact issue. I’m using the distro and I’m currently running at 10.13.66-11. I’ve had to turn off the firewall at the command line using fwconsole firewall stop.

I also cannot view the Failed2Ban page. I get the following:
Exception thrown with message “Could not get banned list”

Stacktrace:
#5 Exception in /var/www/html/admin/modules/sysadmin/Sysadmin.class.php:1476
#4 FreePBX\modules\Sysadmin:getFail2BanList in /var/www/html/admin/modules/sysadmin/functions.inc/intrusion.php:58
#3 sysadmin_get_banned in /var/www/html/admin/modules/sysadmin/page.sysadmin.php:398
#2 include in /var/www/html/admin/libraries/BMO/GuiHooks.class.php:157
#1 FreePBX\GuiHooks:getOutput in /var/www/html/admin/libraries/BMO/GuiHooks.class.php:127
#0 FreePBX\GuiHooks:doIntercept in /var/www/html/admin/config.php:559