Firewall rules corrupted

I keep getting the following error when restarting iptables:
[[email protected] etc]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[[email protected] etc]#
Broadcast message from [email protected] (Mon Aug 1 15:47:37 2016):

Firewall Rules corrupted! Restarting in 5 seconds

Broadcast message from [email protected] (Mon Aug 1 15:47:41 2016):

Firewall service now starting.

I had CSF installed, and I uninstalled it but the error persists. I found that when I enter a host to blacklist in FreePBX it does not add it to the list in the FreePBX GUI, and it also does not let me delete a host from the blacklist.

  1. Is there a way for me to flush the IP tables? How would I do that?

  2. I was reading this page for tips on configuring asterisk:
    http://blog.ls20.com/securing-your-asterisk-voip-server-with-iptables/
    My main issue is external IPs trying to flood SIP and causing issues. This page mentions the following rules to help in this regard:
    -A TCPSIP -m string --string "REGISTER sip:" --algo bm -m recent --set --name SIP_R
    -A TCPSIP -m string --string "REGISTER sip:" --algo bm -m recent --update --seconds 10 --hitcount 20 --rttl --name SIP_R -j DROP
    -A UDPSIP -m string --string "REGISTER sip:" --algo bm --to 1500 -m recent --set --name SIP_R
    -A UDPSIP -m string --string "REGISTER sip:" --algo bm --to 1500 -m recent --update --seconds 10 --hitcount 20 --rttl --name SIP_R -j DROP
    -A TCPSIP -m string --string "INVITE sip:" --algo bm -m recent --set --name SIP_I
    -A TCPSIP -m string --string "INVITE sip:" --algo bm -m recent --update --seconds 5 --hitcount 20 --rttl --name SIP_I -j DROP
    -A UDPSIP -m string --string "INVITE sip:" --algo bm --to 1500 -m recent --set --name SIP_I
    -A UDPSIP -m string --string "INVITE sip:" --algo bm --to 1500 -m recent --update --seconds 5 --hitcount 20 --rttl --name SIP_I -j DROP

I have no idea what this means. What do you think of these rules and where should these be added?
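What the quoted UDPSIP rules do to a stream of packets, as an added example that is not part of this thread or of the linked blog: a simplified Python model of the `string` and `recent` matches, following the iptables-extensions documentation. The source addresses, the payload and the names `RecentList`, `udpsip_chain` and `replay` are constructed for illustration, and `--rttl` is not modelled.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # assumption: timestamps kept per source (long-standing xt_recent default)

class RecentList:
    """Simplified model of one `-m recent --name X` list (--rttl is not modelled)."""
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # --set: record a timestamp for this source; the rule always matches.
        self.stamps[src].append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount N: match when at least N recorded
        # packets fall within the last S seconds; on a match, record one more.
        entry = self.stamps[src]
        recent = sum(1 for t in entry if now - t <= seconds)
        if recent >= hitcount:
            entry.append(now)
            return True
        return False

def string_match(payload, needle, to=None):
    # -m string --string NEEDLE --to N: search the first N bytes (approximation).
    return needle in (payload if to is None else payload[:to])

def udpsip_chain(lists, src, payload, now):
    """Return "DROP", or "CONTINUE" when none of the quoted UDPSIP rules drops."""
    for needle, name, seconds in ((b"REGISTER sip:", "SIP_R", 10),
                                  (b"INVITE sip:", "SIP_I", 5)):
        if string_match(payload, needle, to=1500):
            lists[name].set(src, now)                      # first rule: no target
            if lists[name].update(src, now, seconds, 20):  # second rule: -j DROP
                return "DROP"
    return "CONTINUE"

def replay(packets):
    lists = {"SIP_R": RecentList(), "SIP_I": RecentList()}
    return [udpsip_chain(lists, src, payload, t) for t, src, payload in packets]

# Constructed traffic: one source sends 25 REGISTERs in 2.4 s, another sends one per minute.
REG = b"REGISTER sip:pbx.example.invalid SIP/2.0\r\n"
flood = [(i * 0.1, "203.0.113.7", REG) for i in range(25)]
normal = [(i * 60.0, "198.51.100.9", REG) for i in range(25)]

if __name__ == "__main__":
    print(replay(flood).count("DROP"), replay(normal).count("DROP"))
```

In this model the first 19 REGISTERs from the flooding source pass and every later one inside the 10-second window is dropped, while the source that registers once a minute is never dropped.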

Do you have IPv6 enabled?

This issue hit me randomly one morning. I spent a lot of time trying to follow up the IP/Firewall settings. In the end the issue was only that the IPv4 address that the server was using was taken by another device.

We are running low on IPs and so the router gave up the IP to a phone over the weekend while the FreePBX server was offline as the UPS blew and I didn’t want to leave it running over the weekend unprotected.

I just changed the IP address to an available one in /etc/sysconfig/network-scripts/ifcfg-eth0 and rebooted, worked fine.

You really should be running with static IP addresses (or at least a DHCP reservation) for the PBX.