I would like to be able to insert a custom chain in iptables INPUT chain row 1. That way incoming packets have to go through my custom rules before anything else including freepbx firewall/fail2ban rules.
Is there some way to do that? Every time I reboot it seems my custom chain gets overwritten by freepbx firewall and intrusion detection even if I save it with iptables save.
Does anyone know of a universal way to override all iptables FreePBX or Fail2ban rules? I cannot guarantee FreePBX firewall will be enabled so I can’t use the FreePBX custom firewall rules feature.
If it is just fail2ban enabled I need to override those rules if they exist. I was thinking maybe a cronjob that runs every 5 minutes that checks if my custom chain exists in row 1 of INPUT and if not to put it there. Seems a bit hacky though. Maybe there is a more elegant solution?
If you want to do it your way, you could
fwconsole firewall disable
no rules are there,
systemctl start fail2ban
f2b rules are there, then you can -I or -A and the rules would apply,
I ended up creating a cron job that runs a script every minute. That script inserts a custom chain as rule #1 if it doesn’t already exist. It then adds all my rules into the custom chain if they don’t already exist.
It’s a bit hacky but it gets the job done and seems to work with all scenarios. I suppose I could check for freepbx firewall and do things differently depending on if it is installed or not but this way is simpler.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.