So, I’m running into a bit of a problem here. I need to add someone to the “trusted” zone on several FreePBX servers, but due to circumstances beyond my control, will have to utilize dynamic DNS to make this happen (I know, I know…)
That said, I’ve added hosts using FQDN before and it’s worked. However, today I added this one using “fwconsole firewall add trusted hostname.example.com” (of course replacing hostname.example.com with the actual FQDN.) It reports success, you can see it’s been added in the FreePBX GUI, etc.
However, when you look at the iptables rules on the PBX, the IP for that name is not there. I’ve waited over an hour, and still nothing.
This is happening on several FreePBX 14 boxen (which are up-to-date.) I also have a FreePBX 15 server as my personal PBX and doing this same process yields the expected result (the appropriate IP is resolved and added to iptables.)
Is there some process/switch/etc. that can be flipped on/off to enable/disable these FQDN lookups? I’m not seeing any in documentation, but it’s odd that it’s happening across multiple FreePBX 14 machines. Just wanting to make sure I’m not overlooking something obvious here.
Well, there is going to be one issue with this. iptables doesn’t do recurring lookups on DNS; it looks up the FQDN when started and that’s that. So this will not work as a DynDNS solution like you think, because when a DynDNS record is updated, the firewall will never know and the previous IP will still be used until you restart the firewall.
I don’t have a 14 system at hand, but testing with firewall module ver. 15.0.26 I’m unable to repro this. Are you using the CLI to add the FQDN to the trusted list? There may be a bug there: FREEPBX-18511. It takes a few minutes for the rule to be added after adding the FQDN to the networks list.
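Added example, not part of the thread and not FreePBX code: a shell check for the two situations described above, an FQDN whose address never shows up in iptables and a dynamic DNS record that has moved since the rules were loaded. The chain name and addresses in the sample dump are constructed, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the addresses a trusted FQDN resolves to right now
# with the source addresses in a dump of the loaded rules (iptables -S format).

# Constructed sample dump; "trusted-example" is a made-up chain name.
SAMPLE_RULES='-N trusted-example
-A trusted-example -s 203.0.113.10/32 -j ACCEPT
-A trusted-example -s 198.51.100.0/24 -j ACCEPT'

# rule_sources RULES: print every -s argument in the dump, one per line,
# with a trailing /32 removed so single hosts compare as plain addresses.
rule_sources() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-s") { sub(/\/32$/, "", $(i + 1)); print $(i + 1) }
    }' | sort -u
}

# check_drift "IP [IP ...]" RULES: print OK or MISSING for each address and
# return 1 if any address has no exact host rule. An address that is only
# covered by a wider CIDR rule is reported as MISSING (exact matches only).
check_drift() {
    resolved=$1
    status=0
    sources=$(rule_sources "$2")
    for ip in $resolved; do
        if printf '%s\n' "$sources" | grep -qxF "$ip"; then
            echo "OK $ip"
        else
            echo "MISSING $ip"
            status=1
        fi
    done
    return $status
}

# live_check FQDN: same comparison against the running firewall (needs root
# for iptables -S). Returns 2 if the name does not resolve at all.
live_check() {
    resolved=$(getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u)
    [ -n "$resolved" ] || { echo "UNRESOLVED $1"; return 2; }
    check_drift "$resolved" "$(iptables -S)"
}
```

Run `live_check hostname.example.com` as root from cron or a monitoring check; a MISSING line means the loaded rules do not contain the address the name currently resolves to.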