Firewall - Networks changes weren't executed until I navigated away from the firewall module


(Simon Telephonics) #1

I had a confusing experience and wanted to share it. At first I thought there was a major bug; now I think there’s a minor bug or just undocumented behavior (or I haven’t read enough documentation).

I set up some networks in the Firewall - Networks tab, all as Trusted. As I clicked the + sign to add new networks, one that I had set as Trusted changed to red-colored Internet, so I set it back. (Minor bug, I believe.)

When I had them entered I clicked Save but found that the new trusted networks were being blocked.

I logged in on SSH and listed the iptables rules and found indeed that the new networks were not trusted.

While still logged into the shell, I navigated away from the Firewall module in FreePBX and suddenly a broadcast message came up in the shell saying the firewall was being restarted. After that, I looked at iptables again and the rules were correct.

My takeaway from this is that even though I clicked Save, the rules weren’t applied until I navigated away from the Firewall module in the GUI.


(Rob Thomas) #2

As there’s a bit of noise about firewall recently, I’ll tell you what SHOULD happen!

When you click save, a root hook (managed by sysadmin) is triggered to update iptables.

If it was not picked up, you’d get an error about Incron not running.

As it was picked up, that means incron was running, and handed it to the sysadmin service which either didn’t run it, or was broken. You’ll see the errors in /var/log/messages.

The error you saw was because firewall picked up that something had meddled with iptables, and it needed to clean everything up and restart itself.

The timing was coincidental.
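For anyone hitting the same thing, here is an added shell example (mine, not code from the thread or from FreePBX) that does what Simon did by hand: it checks whether a network saved as Trusted has actually reached the iptables ruleset, and if not, counts hook failures from incron or sysadmin in syslog-style output, which is where Rob says the errors would land. The chain name `fpbxnets`, the sample rules and the log lines are constructed assumptions for illustration, not values taken from a real PBX.

```shell
#!/bin/sh
# Added example: verify a "Trusted" network really made it into iptables, and
# look for failures of the incron/sysadmin hook if it did not.
# ASSUMPTION: the chain holding trusted networks is called "fpbxnets".

# Constructed `iptables -S` style output (not captured from a real system).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -j fpbxnets
-A fpbxnets -s 192.0.2.0/24 -j ACCEPT
-A fpbxnets -s 10.10.0.0/16 -j ACCEPT'

# Constructed syslog-style lines (not real /var/log/messages content).
SAMPLE_LOG='Jan  1 12:00:01 pbx incrond[123]: triggered firewall hook
Jan  1 12:00:02 pbx sysadmin[456]: firewall hook failed: exit status 1
Jan  1 12:00:03 pbx asterisk[789]: registration OK'

# network_trusted CHAIN CIDR: reads `iptables -S` output on stdin and returns
# 0 only if CHAIN has a rule that matches CIDR as source and jumps to ACCEPT.
# The awk field comparison avoids treating dots in the CIDR as regex wildcards.
network_trusted() {
  awk -v chain="$1" -v cidr="$2" '
    $1 == "-A" && $2 == chain {
      for (i = 3; i < NF; i++)
        if (($i == "-s" || $i == "--src") && $(i + 1) == cidr)
          for (j = i; j < NF; j++)
            if ($j == "-j" && $(j + 1) == "ACCEPT") found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# hook_failures: reads syslog-style lines on stdin and prints how many mention
# incron or sysadmin together with a failure keyword (exit 1 if none, as grep -c does).
hook_failures() {
  grep -ciE '(incron|sysadmin).*(fail|error|not running)'
}

# Demo against the constructed data.
printf '%s\n' "$SAMPLE_RULES" | network_trusted fpbxnets 192.0.2.0/24 \
  && echo "192.0.2.0/24: trusted" || echo "192.0.2.0/24: NOT trusted"
printf '%s\n' "$SAMPLE_LOG" | hook_failures || true

# On the PBX itself (as root) the same checks would be:
#   iptables -S | network_trusted fpbxnets 192.0.2.0/24 || echo "check incron and /var/log/messages"
#   hook_failures < /var/log/messages
```

If the network is missing from the chain but `hook_failures` reports nothing, the hook was never handed off at all, which matches the "incron not running" case Rob describes.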