Firewall Rules corrupted - over and over

I decided to re-visit an issue I had updating the firewall module. I “gave up” in the past by reverting to an older version, but I really prefer to keep everything up to date, especially for important modules like the firewall.

Everything is up to date, and I even moved to “edge” module updates.

PBX Firmware: 10.13.66-14
Firewall Module: 13.0.36.2

I am receiving the following message every ~30 seconds in the console:
Broadcast message from [email protected] (Wed Aug 3 16:52:13 2016):

Firewall Rules corrupted! Restarting in 5 seconds
More information available in /tmp/firewall.log

Broadcast message from [email protected] (Wed Aug  3 16:52:22 2016):

Firewall service now starting.

It repeats over and over and over.

I cleared the firewall.log, waited for the alert, and then saved out a copy to http://sprunge.us/RfaD.

Other than a few PHP Notice lines, the only errors I see are:
1470261279: /sbin/ip6tables -A fpbxrfw -m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --rsource -j fpbxattacker
ip6tables: Invalid argument. Run `dmesg' for more information.
1470261279: /sbin/iptables -A fpbxrfw -m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --rsource -j fpbxattacker
iptables: Invalid argument. Run `dmesg' for more information.
{lines removed}
1470261279: /sbin/ip6tables -A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 100 --name REPEAT --rsource -j fpbxattacker
ip6tables: Invalid argument. Run `dmesg' for more information.
1470261279: /sbin/iptables -A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 100 --name REPEAT --rsource -j fpbxattacker
iptables: Invalid argument. Run `dmesg' for more information.

“dmesg” output is blank

I’ve uninstalled and removed from hard disk the firewall module, then reinstalled fresh going through the wizard and the config page to re-apply all my settings, all to no avail.

I appreciate any ideas about what’s going wrong here?

Do you have IPv6 enabled?

Are you using a virtual environment, and if so what? Part of the corrupted firewall rules message is to reboot, have you done so?

IPv6 appears to be enabled, and ip addr show has an IPv6 address for eth0 and lo, but not venet0 (which has my public IP).

This is a VM hosted by PowerPBX.

Yes, the machine has been rebooted (more than once). After reboot the 5 minute safemode count down runs, then the firewall starts, and then the console messages start.

I would use a rather brute force approach. Do a backup, load a fresh system and restore the backup.

I also had a ticket open with PowerPBX, and at first they wanted to say this was an issue with FreePBX, but after further research they sent me this:

We needed to increase a limit on the recent module on the physical server.

After they did that, the firewall no longer errors and all appears well. I confirmed that with them and they are making the change across their infrastructure.

Hey Billy, do you know what exactly they needed to increase? I am running FreePBX on a cloud server and occasionally I’m getting this message and as soon as the message appears, everything gets locked out of the PBX. Really need to get it solved.
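
Added example, not written by anyone in this thread: a shell check that compares the `--hitcount` values of the failing `-m recent` rules against the kernel's xt_recent packet-list limit. It assumes the limit the provider raised is the `ip_pkt_list_tot` module parameter, which the thread does not name; the function names and the sample variable are hypothetical.

```bash
#!/bin/sh
# Added example (not from the thread). Assumption: the "limit on the recent
# module" is xt_recent's ip_pkt_list_tot parameter, which on older kernels
# (default 20) rejects any rule whose --hitcount is larger with EINVAL.
PARAM=/sys/module/xt_recent/parameters/ip_pkt_list_tot

# Constructed sample: the two failing iptables rules quoted in the first post.
SAMPLE_LOG='1470261279: /sbin/iptables -A fpbxrfw -m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --rsource -j fpbxattacker
1470261279: /sbin/iptables -A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 100 --name REPEAT --rsource -j fpbxattacker'

# Read firewall log lines on stdin, print the largest --hitcount (0 if none).
max_hitcount() {
    grep -oE -- '--hitcount [0-9]+' |
        awk '{ if ($2 + 0 > m) m = $2 + 0 } END { print m + 0 }'
}

# Print the live limit, or "unknown" when the parameter is not visible
# (module not loaded, or a container that cannot see the host's /sys/module).
current_limit() {
    if [ -r "$PARAM" ]; then cat "$PARAM"; else echo unknown; fi
}

# check_limit LIMIT < log: return 0 when every rule fits, 1 otherwise.
# A LIMIT of 0 is what newer kernels report and means no fixed cap.
check_limit() {
    need=$(max_hitcount)
    if [ "$1" -ne 0 ] && [ "$need" -gt "$1" ]; then
        echo "FAIL: rules need --hitcount $need, limit is $1"
        return 1
    fi
    echo "OK: largest --hitcount $need fits limit $1"
}

limit=$(current_limit)
if [ "$limit" = unknown ]; then limit=20; fi   # fall back to the old default
printf '%s\n' "$SAMPLE_LOG" | check_limit "$limit" || true
```

To test a real log, pipe `/tmp/firewall.log` into `check_limit` with the value printed by `current_limit`. Under the stated assumption the parameter is set when xt_recent is loaded on the host kernel, so a container guest cannot change it and the hosting provider has to.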