Firewall Questions

Hi, @xrobau is it still ok for me to post on this thread with some issues I am having with the firewall or is there somewhere else I should post?

I’ve moved your post to a new thread, there’s a pile of messages in the old one.

Thank you so much. I am a bit new to posting on this forum so I am sorry for any mistake

I have a FreePBX box version 14.0.1.36 wit the System FIreWall 13.0.49.2. This issue happens every second reboot. The FreePBX box is not in production and I am in the process of setting it up, every now and then I reboot it after making some changes. The second reboot gives me Firewall Rules are corrupted! in a loop.

No fpbxinterfaces in ipv6
1521767906: Wall: 'Firewall Rules corrupted! Restarting in 5 seconds
More information available in /tmp/firewall.log
’ returned 0

However, nothing on our network is giving out ipv6 address and it only has the default one.

Yesterday I had searched for that error mesasge and didn’t find anything. I did it again today and it actauly took me to this page: FREEPBX-14164 and it seems to be the same issue.

It sounds like you’ve disabled IPv6 in the kernel. You can’t do that, it causes all sorts of problems.

Thanks, I didn’t know that.

1 Like

Hi, @xrobau

I have went ahead and re-enabled the ipv6 in the kernel but I am still getting these error messages. Do you have anything that may help me? So far I did :

  • /etc/sysconfig/network-scripts/ifcfg-eth0 has the following lines pertaining to ipv6

    • IPV6INIT=yes
    • IPV6_AUTOCONF=yes
    • IPV6_DEFROUTE=yes
    • IPV6_FAILURE_FATAL=no
    • IPV6_PEERDNS=yes
    • IPV6_PEERROUTES=yes
  • /etc/sysctl.d/99-sysctl.conf has

    • net.ipv6.conf.all.disable_ipv6 = 0
    • net.ipv6.conf.default.disable_ipv6 = 0
  • I ran sysctl -w net.ipv6.conf.all.disable_ipv6=0 and sysctl -w net.ipv6.conf.default.disable_ipv6=0

  • In /etc/default/grub I have GRUB_CMDLINE_LINUX="ipv6.disable=0 (after adding this to the existing line item I ran grub2-mkconfig -o /boot/grub2/grub.cfg and rebooted.)

Until you can type ip addr and see ipv6 link-local addresses, it will continue to error. I suggest you REMOVE everything related to your disabling of IPv6, rather than trying to set it to something.

I have tried, I thought the above commands would re-enable it for me. Could you point me in the right direction of removing everything related to the disabled IPv6.

Is this what I’m supposed to see image

Looks fine to me! So I’m guessing you’re getting a different error.

This was the error message I was seeing yesterday before I posted again. I do have the same error message in my /tmp/firewall.log , but I am going to restart the box and monitor it for a few as it normally takes it a while to break. I will post an update on whether or not it is occurring again. Thanks again for all your help.

This messaged started repeating itself:
image

And when I checked the log I saw :

Firewall requires Sysadmin. Sysadmin assumes that if you have a licence file, it hasn’t been tampered with.

We do have Sysadmin, we recently bought it last week and I’ll look to see why it is giving that error.

It still says No fpbxinterfaces in ipv6, even though we do have it enabled, would the course of action be to destroy the VM and start over again?

Hi sorry to go back to an old post, but does FreePBX require a gateway that has ipv6 enabled as well as an actual ipv6 ip assigned to it?

We built a new box and it is still having the same issue and when I check the activation sysadmin is there.

If your machine is still saying the licence file is tampered, then something crazy is happening with your machine, and there’s nothing we can do about that. Sorry!

Thanks! I am going to take that box down and build a brand new one and hopefully, it all goes well. Thanks again for all the help/

I just did the install of FreePBX with Asterisk-NAF for GoogleVoice SIP

I assumed I could Install the FreePBX Firewall.

I just found old posts talking about problems with Firewall on Debian, this is running on ubuntu 18.04

When I go to available modules and click on Firewall it says
Missing Requirements:
The File “/usr/lib/sysadmin/includes.php” must exist.
The Module Named “manager” is required.

From what I read here in this thread “Firewall requires Sysadmin. Sysadmin assumes that if you have a licence file” which seems to imply the FreePBX Firewall is a No-go witgh Open Source FreePBX?

Its all so confusing …

Unless you install a Distro system, the Manager module is not available. In fact, none of the commercial modules are available.

To install the firewall, you need to install a Distro system (not roll-your-own) and then “upgrade” the rest of the system to work with Google Voice. Good luck.

There’s no TECHNICAL reason why not - all the code is open source. The problem is that all the ‘stuff’ for secure privilege escalation of firewall is done as part of Sysadmin (which requires FreePBX Distro).

Someone just needs to figure out a way to do it on other OSs so it DOESN’T require that. And I can’t think of a good way to make it secure - in Distro it’s secure because it’s all root owned and RPM locked, along with all the preexisting integrity checking.

2 Likes