Responsive Firewall - no command line list blocked

Hello FreePBX fans,

We have everything running…
But need to query if an IP is blocked (from command line).

There appears to not be any zone for the blocked attackers… or at least I cannot figure out what it is.

fwconsole firewall list blacklist only works to show blacklisted IP (which are manually added).
fwconsole firewall list blocked does not work, as blocked is not a valid zone.

  1. How do we list the blocked attackers from command line?

  2. Depending on the answer to #1, to add and remove an IP from command line, you need the zone.

It’s all in iptables. Any iptables command will show you everything; for example, iptables -L will list everything.

Hi Tony,

Hope you are doing well.

You would think this… but I can assure you that none of the blocked attacker IPs show in iptables.

Hosts detected by the Responsive firewall are in various files in this folder:

/proc/self/net/xt_recent

You can grep ATTACKER for IP addresses, which will include the blocked hosts, but will also include hosts that have been recently unblocked. Probably the easiest way to get a list of blocked hosts from the CLI is to file a feature request to have the argument added to fwconsole.

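The approach from the post above (reading the files under /proc/self/net/xt_recent), as an added shell example that is not part of the original thread and is not FreePBX code. It assumes the relevant lists are the files whose names contain ATTACKER; the function names and the sample entries are hypothetical. As the post says, the output can include hosts that were recently unblocked.

```shell
#!/bin/sh
# Added example, not FreePBX code. Assumption: the Responsive Firewall lists
# of interest are the xt_recent files whose name contains ATTACKER.
XT_RECENT_DIR="${XT_RECENT_DIR:-/proc/self/net/xt_recent}"

# Print "LIST ADDRESS LAST_SEEN" for each entry in the matching lists.
# Returns 2 if the directory is missing (firewall stopped or restarting),
# 1 if no matching list has entries, 0 otherwise.
list_attackers() {
    dir="${1:-$XT_RECENT_DIR}"
    if [ ! -d "$dir" ]; then
        echo "xt_recent directory not found: $dir" >&2
        return 2
    fi
    found=1
    for f in "$dir"/*ATTACKER*; do
        [ -f "$f" ] || continue   # the glob matched nothing
        # Kernel entry format: src=ADDR ttl: N last_seen: JIFFIES oldest_pkt: ...
        out=$(awk -v list="$(basename "$f")" '
            /^src=/ {
                seen = "-"
                for (i = 2; i < NF; i++) if ($i == "last_seen:") seen = $(i + 1)
                print list, substr($1, 5), seen
            }' "$f")
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            found=0
        fi
    done
    return "$found"
}

# Succeeds if ADDRESS ($1) is present in any matching list under DIR ($2).
is_listed() {
    list_attackers "${2:-$XT_RECENT_DIR}" 2>/dev/null |
        awk -v ip="$1" '$2 == ip { hit = 1 } END { exit (hit ? 0 : 1) }'
}

# Write constructed sample lists (documentation addresses) for offline testing.
write_sample_lists() {
    mkdir -p "$1"
    printf '%s\n' \
        'src=192.0.2.10 ttl: 52 last_seen: 4310293221 oldest_pkt: 1 4310293221' \
        'src=198.51.100.7 ttl: 49 last_seen: 4310299000 oldest_pkt: 1 4310299000' \
        > "$1/ATTACKER"
    printf '%s\n' \
        'src=203.0.113.5 ttl: 60 last_seen: 4310200000 oldest_pkt: 1 4310200000' \
        > "$1/OTHERLIST"
}
```

Source the file as root on the PBX and call `list_attackers`, or `is_listed 192.0.2.10` to check one address; a return code of 2 corresponds to the directory being absent, as happens while the firewall is stopped or restarting.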

Hi Lorne,

Perfect… got what we need from that.
I will put in a request (as it will be a much cleaner process than grep’ing the file).

Now, how to remove from the blacklist?

fwconsole firewall del blacklist 1.1.1.1
Error: Host ‘1.1.1.1’ is not currently in the blacklist.

Cannot figure out what zone these are placed in, as blacklist (shows as empty) and says not currently blacklisted.
I also tried attacker (and ATTACKER) as zones, but says unknown entry.

fwconsole firewall del attacker 95.218.46.86
Attempting to remove 95.218.46.86 from ‘attacker’ Zone … Unknown entry!

What zone are these in?

Hosts that Responsive Firewall classifies as blocked are not on the blacklist, so you can’t list or remove them using the fwconsole tools for the blacklist zone. It sounds like your feature request should include the ability to both list responsive blocked hosts and to remove a host from the responsive blocked list.

Hi Lorne,

I have opened a feature request.

In the meantime, I updated the firewall to the latest version (as we were getting timeouts again and could not view IP lists).

I see blocked attacker IPs in portal, but after the update there are now no files in /proc/self/net/xt_recent.
Did they move to a new location with this latest update or is something broken?

FYI… with this latest update the overview and blocked pages are now responding instantly … never had that in prior versions.

When the firewall is stopped (or restarted), these files get removed and may take a while to reappear. My guess is that they are back now.