How To Disable All External Traffic Except Whitelist? Firewalld Throwing iptables Error

Hello, I’ve recently begun updating FreePBX systems from 13 to 15 (distro) and on our own custom rolled systems, we use firewalld so it’s trivial to only allow traffic from a specific source, i.e. IP(s). However, in SNG7, I can’t seem to find a way to disable all external access except the whitelisted / “trusted networks”. I’ve tried disabling the adaptive firewall, but I’m still seeing a decent amount of traffic coming through (on the FPBX dashboard), about 10kbps avg.

So, what’s the standard way for blocking all traffic except for whitelist IP source? Is there a way to use firewalld (i.e. before traffic even reaches FPBX’s firewall) without iptables/freepbx internal firewall conflict?

I did search the forums and documentation, but I found a lot of conflicting answers and a few possible solutions (like disabling “responsive firewall”) that seemed to not limit all traffic.

Thanks!

Wiki: https://wiki.freepbx.org/pages/viewpage.action?pageId=52068473
Video: Open Source Pro Tips #2 - Firewall Basics

Hi @lgaetz, thanks for the links. So I found:

How do I reject traffic?
All traffic that isn’t explicitly allowed is already rejected. This firewall implements a ‘deny by default’ rule. More information is on the Firewall Zones page. In addition there is a blacklist which can be populated with hosts, see the ‘Blacklist’ tab on

I’ve disabled all services that I can, yet I’m still seeing incoming traffic on ntop… so what gives?

Additionally, why can’t I “reject” SSH service traffic? I suppose setting to local is fine, just a bit strange that reject is not an option.

This should be the case regardless of the firewall you implement. The firewall operates in promiscuous mode, so the connections to the firewall get processed and rejected.

What kind of incoming traffic are you seeing?
