Firewall not preventing web access

Hello,
I am having some issues today with various FreePBX boxes running the FreePBX firewall. Some of them have locked out remote extensions, others have dropped their IAX2 trunks and my main system seems to not like the firewall at all!

I am dealing with these issues one by one - but my main problem at the moment is that, on my main system, the firewall appears to be running but actually I can get in remotely from any URL.

Is there a command I could run and copy the result here for somebody to help me out, please?

I have:
Deleted the firewall module
Rebooted the box
Re-downloaded and installed the firewall module
Interface is set to Internet
Networks - I have 4 whitelisted in here, but even networks not on the whitelist can get web access
Under Services, Web Management is set to local.

I am also getting an e-mail every few seconds from Fail2ban about attackers to SSH and SIP ports.

service iptables status:

Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 fail2ban-recidive all -- 0.0.0.0/0 0.0.0.0/0
2 fail2ban-BadBots tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
3 fail2ban-FTP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 21
4 fail2ban-apache-auth tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80
5 fail2ban-SSH tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
6 fail2ban-SIP all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain fail2ban-BadBots (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-FTP (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-SIP (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-SSH (1 references)
num target prot opt source destination
1 REJECT all -- 151.80.155.3 0.0.0.0/0 reject-with icmp-port-unreachable
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-apache-auth (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Well, I don't see any of the firewall rules there. Might explain why it is open.

That’s probably it then!!

Any ideas where I even begin to set that right?

A good start https://wiki.freepbx.org/display/FPG/Firewall

Resolved by uninstalling and deleting the firewall module (again) and installing it again.
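
The check made in the reply above (the listing contains no firewall rules), as an added example that is not part of the original thread: a Python script that parses `service iptables status` output and reports whether INPUT accepts by default with only fail2ban chains attached. The sample is trimmed from the posted listing; the function names and the catch-all heuristic are assumptions of this example.

```python
import re

# Trimmed from the listing posted in this thread.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 fail2ban-SSH tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
2 fail2ban-SIP all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-SIP (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-SSH (1 references)
num target prot opt source destination
1 REJECT all -- 151.80.155.3 0.0.0.0/0 reject-with icmp-port-unreachable
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0
"""

HEADER = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)\)")
RULE = re.compile(r"^\d+\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)")
ANY = "0.0.0.0/0"

def parse_chains(listing):
    """Return {chain: {"policy": str or None, "rules": [(target, prot, src, dst)]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        line = line.strip()
        if (m := HEADER.match(line)):
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif current is not None and (m := RULE.match(line)):
            current["rules"].append(m.groups())
    return chains

def audit_input(chains):
    """Flag an INPUT chain that accepts by default and has no catch-all block."""
    inp = chains.get("INPUT", {"policy": None, "rules": []})
    jumps = [r[0] for r in inp["rules"] if r[0] in chains]
    # Rules reachable from INPUT: its own plus those of chains it jumps to (one level).
    reachable = inp["rules"] + [r for j in jumps for r in chains[j]["rules"]]
    # Heuristic: a DROP/REJECT for all protocols, any source, any destination.
    # Extra match options (interface, state) are not inspected.
    catch_all = any(t in ("DROP", "REJECT") and (p, s, d) == ("all", ANY, ANY)
                    for t, p, s, d in reachable)
    return {"policy": inp["policy"], "jumps": jumps,
            "only_fail2ban": bool(jumps) and all(j.startswith("fail2ban-") for j in jumps),
            "open_by_default": inp["policy"] == "ACCEPT" and not catch_all}

if __name__ == "__main__":
    print(audit_input(parse_chains(SAMPLE)))
```
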
