Firewall Questions

(Alice Brassfield) #1

Hi, @xrobau is it still ok for me to post on this thread with some issues I am having with the firewall or is there somewhere else I should post?

FreePBX Firewall Thread! (2nd Post has status)
(Rob Thomas) #2

I’ve moved your post to a new thread, there’s a pile of messages in the old one.

(Alice Brassfield) #3

Thank you so much. I am a bit new to posting on this forum so I am sorry for any mistake

I have a FreePBX box version wit the System FIreWall This issue happens every second reboot. The FreePBX box is not in production and I am in the process of setting it up, every now and then I reboot it after making some changes. The second reboot gives me Firewall Rules are corrupted! in a loop.

No fpbxinterfaces in ipv6
1521767906: Wall: 'Firewall Rules corrupted! Restarting in 5 seconds
More information available in /tmp/firewall.log
’ returned 0

However, nothing on our network is giving out ipv6 address and it only has the default one.

Yesterday I had searched for that error mesasge and didn’t find anything. I did it again today and it actauly took me to this page: FREEPBX-14164 and it seems to be the same issue.

(Rob Thomas) #4

It sounds like you’ve disabled IPv6 in the kernel. You can’t do that, it causes all sorts of problems.

(Alice Brassfield) #5

Thanks, I didn’t know that.

(Alice Brassfield) #6

Hi, @xrobau

I have went ahead and re-enabled the ipv6 in the kernel but I am still getting these error messages. Do you have anything that may help me? So far I did :

  • /etc/sysconfig/network-scripts/ifcfg-eth0 has the following lines pertaining to ipv6

    • IPV6INIT=yes
    • IPV6_AUTOCONF=yes
    • IPV6_DEFROUTE=yes
    • IPV6_PEERDNS=yes
  • /etc/sysctl.d/99-sysctl.conf has

    • net.ipv6.conf.all.disable_ipv6 = 0
    • net.ipv6.conf.default.disable_ipv6 = 0
  • I ran sysctl -w net.ipv6.conf.all.disable_ipv6=0 and sysctl -w net.ipv6.conf.default.disable_ipv6=0

  • In /etc/default/grub I have GRUB_CMDLINE_LINUX="ipv6.disable=0 (after adding this to the existing line item I ran grub2-mkconfig -o /boot/grub2/grub.cfg and rebooted.)

(Rob Thomas) #7

Until you can type ip addr and see ipv6 link-local addresses, it will continue to error. I suggest you REMOVE everything related to your disabling of IPv6, rather than trying to set it to something.

(Alice Brassfield) #8

I have tried, I thought the above commands would re-enable it for me. Could you point me in the right direction of removing everything related to the disabled IPv6.

(Alice Brassfield) #9

Is this what I’m supposed to see image

(Rob Thomas) #10

Looks fine to me! So I’m guessing you’re getting a different error.

(Alice Brassfield) #11

This was the error message I was seeing yesterday before I posted again. I do have the same error message in my /tmp/firewall.log , but I am going to restart the box and monitor it for a few as it normally takes it a while to break. I will post an update on whether or not it is occurring again. Thanks again for all your help.

(Alice Brassfield) #12

This messaged started repeating itself:

And when I checked the log I saw :

(Rob Thomas) #13

Firewall requires Sysadmin. Sysadmin assumes that if you have a licence file, it hasn’t been tampered with.

(Alice Brassfield) #14

We do have Sysadmin, we recently bought it last week and I’ll look to see why it is giving that error.

It still says No fpbxinterfaces in ipv6, even though we do have it enabled, would the course of action be to destroy the VM and start over again?

(Alice Brassfield) #15

Hi sorry to go back to an old post, but does FreePBX require a gateway that has ipv6 enabled as well as an actual ipv6 ip assigned to it?

We built a new box and it is still having the same issue and when I check the activation sysadmin is there.

(Rob Thomas) #16

If your machine is still saying the licence file is tampered, then something crazy is happening with your machine, and there’s nothing we can do about that. Sorry!

(Alice Brassfield) #17

Thanks! I am going to take that box down and build a brand new one and hopefully, it all goes well. Thanks again for all the help/

(User permanently banned) #18

I just did the install of FreePBX with Asterisk-NAF for GoogleVoice SIP

I assumed I could Install the FreePBX Firewall.

I just found old posts talking about problems with Firewall on Debian, this is running on ubuntu 18.04

When I go to available modules and click on Firewall it says
Missing Requirements:
The File “/usr/lib/sysadmin/includes.php” must exist.
The Module Named “manager” is required.

From what I read here in this thread “Firewall requires Sysadmin. Sysadmin assumes that if you have a licence file” which seems to imply the FreePBX Firewall is a No-go witgh Open Source FreePBX?

Its all so confusing …

(Dave Burgess) #19

Unless you install a Distro system, the Manager module is not available. In fact, none of the commercial modules are available.

To install the firewall, you need to install a Distro system (not roll-your-own) and then “upgrade” the rest of the system to work with Google Voice. Good luck.

(Rob Thomas) #20

There’s no TECHNICAL reason why not - all the code is open source. The problem is that all the ‘stuff’ for secure privilege escalation of firewall is done as part of Sysadmin (which requires FreePBX Distro).

Someone just needs to figure out a way to do it on other OSs so it DOESN’T require that. And I can’t think of a good way to make it secure - in Distro it’s secure because it’s all root owned and RPM locked, along with all the preexisting integrity checking.