The last time someone asked this question, there were a few really good reasons why Rob (@xrobau) said “No”.
It seems to me that his position was that there are very few things you need to do in the firewall that you can’t do with the GUI, and if there were any, let him know.
Have you put in a Feature Request for the specific items you want to add?
Thanks Rob for this update. I am very happy to hear that you will be working on this in the new year. I hope you have an enjoyable seasonal break.
In answer to Dave Burgess above, I know FPBX has its own VPN settings in the GUI but OpenVPN has a fair bit more to it than the GUI allows.
We are networking three remote FreePBX sites to a central FreePBX, which handles most (but not all) of the trunks. The remote sites are all behind a NAT on dynamic IPs, whilst the central PBX is NONAT and Static IP in a Data Centre. For one remote site to call another remote site, it must go via the central server. Furthermore, one of the remote sites is in a jurisdiction that blocks VOIP, so to make this work seamlessly I have set up a VPN client on each machine and a VPN server on the central PBX. The Server VPN needs to have Forward and Masquerade set up so that clients can see each other.
It’s fairly easy to set up OpenVPN manually in the ovpn files and then to insert the relevant rules into iptables. Everything works until the FreePBX firewall kicks in and overwrites my iptables rules.
So I am delighted that Rob will be looking into this soon. In the meantime - I will just try not to restart the firewall!
Did you get a chance to look at this issue please?
Since the original report was raised, I had occasion to restart another server which has thrown up the same issue. After restart, the FreePBX firewall wipes out my Forward and NAT Masquerade rules.
I do hope I haven’t caused you any offence. If so, I assure you it was unintentional and I do appreciate your valuable guidance.
Sorry to sound so needy but this firewall issue is still causing problems. I did download a recent update to the Firewall, which of course required a reload. Again all my forwarding and NAT rules were flushed, which broke the VPN.
I realise you must have other priorities, but you mentioned this was a job for “early in the New year”, so I was just wondering if you had a timeline for this?
TBH it isn't causing huge problems, it's just that every time there is a reboot or restart involving the firewall, I have to manually re-enter the forward and masquerade rules.
It doesn’t happen that often so more of an annoyance really. Just something that keeps nagging at me to do…
Isn’t there a “custom” thing that can be executed after the server restarts?
I seem to recall someone needing something that ran on every boot (it’s been a few years ago) but don’t you guys have something in “fwconsole start” that executes a batch file in /etc/asterisk?
While not solving the problem directly, I’d think it would be pretty simple to check for the existence of a “/etc/asterisk/after_boot” file and source it if it exists as part of fwconsole…
If that existed, Andy’s problem with the additional firewall rules could be solved, and someone else’s “after asterisk is running, I need to run this program” problem goes away in one swell foop.
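
The workaround discussed in this thread (putting the forward and masquerade rules back after the firewall flushes them) can be scripted so that it is safe to run repeatedly. This is an added example, not part of any post above and not FreePBX code. The interface `tun0`, the subnet `10.8.0.0/24` and the exact rule specs are assumptions standing in for the poster's real OpenVPN settings.

```shell
#!/bin/sh
# Added example: restore VPN forwarding/NAT rules after a firewall reload.
# Assumed values, not from the thread: tun0 and 10.8.0.0/24.
IPT="${IPT:-iptables}"
VPN_IF="${VPN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
ADDED=0   # number of rules inserted by the last apply_vpn_rules run

# ensure_rule TABLE CHAIN RULE-SPEC...
# `iptables -C` exits 0 only if an identical rule is already present, so the
# rule is inserted only when missing and repeated runs never stack duplicates.
ensure_rule() {
    table=$1; chain=$2; shift 2
    if "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    "$IPT" -t "$table" -I "$chain" "$@" || return 1
    ADDED=$((ADDED + 1))
}

apply_vpn_rules() {
    ADDED=0
    # Client-to-client forwarding, limited to traffic that enters and leaves
    # on the tunnel and stays inside the VPN subnet (nothing broader).
    ensure_rule filter FORWARD -i "$VPN_IF" -o "$VPN_IF" \
        -s "$VPN_NET" -d "$VPN_NET" -j ACCEPT || return 1
    # Masquerade relayed VPN traffic as it leaves on the tunnel.
    ensure_rule nat POSTROUTING -s "$VPN_NET" -o "$VPN_IF" \
        -j MASQUERADE || return 1
}

# Only touch the live ruleset when asked to: sh vpn-rules.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_vpn_rules && echo "rules added: $ADDED"
fi
```

Run as root with `--apply` from a boot script or a periodic job; a run that reports `rules added: 0` means the rules were still in place.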