Incorrect Subnet Mask on Sangoma Smart Firewall Interface

herbw · May 8, 2019, 7:26pm

After installing freepbx 14 / asterisk 13, I enabled the Sangoma Smart Firewall. My workstation is on my DMZ, which has a subnet mask of 255.255.255.240 (/28). However, the Firewall Interfaces GUI shows this as a Trusted Interface with a /24 Subnet Mask. This is incorrect and dangerous, as it would treat some outside hosts as trusted. I can not find any way to correct this Subnet Mask.

fwconsole firewall list trusted does not show this rule.

From the command line, I tried:
fwconsole firewall stop
fwconsole firewall untrust xxx.xxx.xxx.xxx/24
fwconsole firewall trust xxx.xxx.xxx.xxx/28
fwconsole firewall start

but this did not resolve the problem. My Networks tab now shows the correct rule, but my Interfaces tab still shows the INCORRECT rule.

How can I get rid of this incorrect interface definition?

lgaetz · May 8, 2019, 7:44pm

AFAIK, Firewall just pulls the interface directly from the OS. What is the subnet mask showing in ifconfig?

herbw · May 8, 2019, 8:02pm

Thanks, Lorne. That was the problem, and it’s fixed now.

For what it’s worth, I did manually configure the interface, including the subnet mask, gateway, and DNS servers during the installation process. IP address, gateway, and DNS servers were all correct, but subnet mask somehow got lost.

system · May 22, 2019, 8:02pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.