Hello everyone,
As per the title, I am having issues with the Firewall module on my FreePBX installation. It keeps on crashing, yet the Dashboard shows the status of Firewall as ‘online’.
The log file in /tmp/ shows the following error message:
rfw rule 3 not valid (Is '-m recent --rcheck --seconds 86400 --hitcount 1 --name ATTACKER --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource -j fpbxattacker', should start with '-m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --rsource')
THIS MAY BE A KERNEL ISSUE. IF THIS KEEPS OCCURRING REBOOT YOUR MACHINE URGENTLY.
1588197287: Wall: 'Firewall Rules corrupted! Restarting in 5 seconds
More information available in /tmp/firewall.log
' returned 0
Redirecting to /bin/systemctl stop fail2ban.service
Starting firewall.
1588197305: Monitoring parent (voipfirewalld) died. Shutting down!
I can see that most likely this fails because of the ‘error’ message up in the log which reads:
1588197251: /sbin/ip6tables -w5 -W10000 -A fpbxratelimit -m recent --rcheck --seconds 86400 --hitcount 200 --name REPEAT --rsource -j fpbxattacker
ip6tables: Invalid argument. Run `dmesg' for more information.
1588197251: /sbin/iptables -w5 -W10000 -A fpbxratelimit -m recent --rcheck --seconds 86400 --hitcount 200 --name REPEAT --rsource -j fpbxattacker
iptables: Invalid argument. Run `dmesg' for more information.
1588197251: /sbin/ip6tables -w5 -W10000 -A fpbxratelimit -m recent --rcheck --seconds 300 --hitcount 100 --name REPEAT --rsource -j fpbxattacker
ip6tables: Invalid argument. Run `dmesg' for more information.
1588197251: /sbin/iptables -w5 -W10000 -A fpbxratelimit -m recent --rcheck --seconds 300 --hitcount 100 --name REPEAT --rsource -j fpbxattacker
iptables: Invalid argument. Run `dmesg' for more information.
1588197251: /sbin/ip6tables -w5 -W10000 -A fpbxratelimit -m recent --rcheck --seconds 60 --hitcount 50 --name REPEAT --rsource -j fpbxshortblock
ip6tables: Invalid argument. Run `dmesg' for more information.
1588197251: /sbin/iptables -w5 -W10000 -A fpbxratelimit -m recent --rcheck --seconds 60 --hitcount 50 --name REPEAT --rsource -j fpbxshortblock
iptables: Invalid argument. Run `dmesg' for more information.
I have been doing some digging to ensure that everything is installed/enabled.
Iptables version:
[root]# iptables --version
iptables v1.4.21
ipt_recent or xt_recent loaded:
[root]# lsmod | grep xt_recent
xt_recent 4242 -2
FreePBX version:
FreePBX 15.0.16.49
Linux version:
[root]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
Kernel version:
[root]# uname -r
3.10.0
The system runs on OpenVZ 7.
Unfortunately, I have run out of ideas on what could cause this - is it a bug?
Thanks for looking!
Maciej
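
An added example, not part of the original post or of FreePBX's own code: a shell helper that pulls the rejected `-m recent` rules out of a log like the one quoted above and compares each `--hitcount` with a limit. It assumes the limit worth testing is xt_recent's `ip_pkt_list_tot` module parameter (default 20 on 3.10-era kernels), which the post does not confirm as the cause; the function names and the first sample log line are constructed for illustration.

```shell
#!/bin/sh
# Added example. rejected_recent_rules and sample_log are hypothetical names.
# Usage: rejected_recent_rules LIMIT < /tmp/firewall.log
# Prints one line per rejected rule: binary hitcount seconds target verdict
rejected_recent_rules() {
    awk -v limit="$1" '
        # Remember the latest iptables/ip6tables command written to the log.
        /\/sbin\/ip6?tables / { cmd = $0; next }
        # An "Invalid argument" line refers to the command logged just before it.
        /tables: Invalid argument/ && cmd != "" {
            n = split(cmd, f, " ")
            bin = hit = secs = target = "?"
            for (i = 1; i < n; i++) {
                if (f[i] ~ /\/sbin\/ip6?tables$/) bin = f[i]
                if (f[i] == "--hitcount") hit = f[i + 1]
                if (f[i] == "--seconds") secs = f[i + 1]
                if (f[i] == "-j") target = f[i + 1]
            }
            verdict = (hit + 0 > limit + 0) ? "over-limit" : "within-limit"
            print bin, hit, secs, target, verdict
            cmd = ""
        }
    '
}

# Sample input. The first line is constructed (a command that was accepted);
# the remaining lines are copied from the log quoted in the post.
sample_log() {
    cat <<'EOF'
1588197251: /sbin/iptables -w5 -W10000 -N fpbxratelimit
1588197251: /sbin/ip6tables -w5 -W10000 -A fpbxratelimit -m recent --rcheck --seconds 86400 --hitcount 200 --name REPEAT --rsource -j fpbxattacker
ip6tables: Invalid argument. Run `dmesg' for more information.
1588197251: /sbin/iptables -w5 -W10000 -A fpbxratelimit -m recent --rcheck --seconds 60 --hitcount 50 --name REPEAT --rsource -j fpbxshortblock
iptables: Invalid argument. Run `dmesg' for more information.
EOF
}

# Assumption: 20 is the xt_recent default for ip_pkt_list_tot. Where the path is
# readable, take the live value from
# /sys/module/xt_recent/parameters/ip_pkt_list_tot instead.
sample_log | rejected_recent_rules 20
```

Rules reported as over-limit need either a lower `--hitcount` or a larger `ip_pkt_list_tot` set when xt_recent is loaded, which on a container platform is a host-side setting.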