Freepbx version is 15.0.17.38.
There is no hacker “incident”. I’m saying that the iptables rules are not blocking people from attempting rogue connections to my server.
The source of the iptables misconfiguration is confirmed to be the Freepbx dashboard. Submitting a change causes the rules to be messed up.
When you see the name of a chain it does not mean that there is an overall ACCEPT. It means that the rules of that chain are executed. At the end of the chain there should be a RETURN rule that comes back and causes the next chain of rules to be executed. This way you build up a chain of chains until you get to the very end of INPUT and execute the default action.
@billsimon - It seems that the initial way RFW worked was to be in front of Fail2Ban (RFW is NOT fail2ban, it’s xt_recent), there are actually a bunch of places within the code of RFW that prove that. So theoretically, you’re right that it was designed to work this way, but this was a bad idea.
This only really came to light once there was more work at including Intrusion Prevention (which uses fail2ban) as part of Firewall instead of Sysadmin.
@Basildane - Try the newest patch of firewall: fwconsole ma downloadinstall http://mirror1.freepbx.org/modules/packages/firewall/firewall-15.0.11.tgz fwconsole chown fwconsole r
If its not wrong, then why are hackers freely playing in my system even though their IP’s were banned 24 hours ago?
And when I reordered the input chain, they immediately dropped.
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-SIP all – 0.0.0.0/0 0.0.0.0/0
fpbxfirewall all – 0.0.0.0/0 0.0.0.0/0
It will not bring down anything in your system, it will just fix the firewall.
No need to keep harping on this issue - it’s a confirmed bug and has been fixed.