Sangoma Responsive Firewall Error on FreePBX
-
Brand new FreePBX installation (distro). Everything is stock, install was from the ISO. Initial firewall setup results in the firewall just restarting over and over again. Here is the error.
rfw rule 2 not valid (Is '-m recent --rcheck --seconds 86400 --hitcount 1 --name ATTACKER --rsource -j fpbxattacker', should start with '-m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --rsource')
Anyone seen this one before?
-
Here is the complete output of the log, including the part where the log tells you to look in the same log for more info.
Starting firewall. 1463587870: Wall: 'Firewall service now starting. ' returned 0 1463587871: INTERFACE INIT: eth0 => trusted 1463587871: /sbin/iptables -N fpbxfirewall iptables: Invalid argument. Run `dmesg' for more information. 1463587871: /sbin/ip6tables -N fpbxfirewall 1463587871: /sbin/iptables -I INPUT -j fpbxfirewall 1463587871: /sbin/ip6tables -I INPUT -j fpbxfirewall 1463587871: /sbin/iptables -N fpbxfirewall iptables: Chain already exists. 1463587871: /sbin/ip6tables -N fpbxfirewall ip6tables: Chain already exists. 1463587871: /sbin/ip6tables -A fpbxfirewall -i lo -j ACCEPT 1463587871: /sbin/iptables -A fpbxfirewall -i lo -j ACCEPT 1463587871: /sbin/ip6tables -A fpbxfirewall -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 1463587871: /sbin/iptables -A fpbxfirewall -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 1463587871: /sbin/ip6tables -A fpbxfirewall -p udp --sport 1:1024 -m state --state RELATED,ESTABLISHED -j ACCEPT 1463587872: /sbin/iptables -A fpbxfirewall -p udp --sport 1:1024 -m state --state RELATED,ESTABLISHED -j ACCEPT 1463587872: /sbin/iptables -A fpbxfirewall -p icmp -j ACCEPT 1463587872: /sbin/ip6tables -A fpbxfirewall -p ipv6-icmp -j ACCEPT 1463587872: /sbin/iptables -A fpbxfirewall -d 255.255.255.255/32 -j ACCEPT 1463587872: /sbin/ip6tables -A fpbxfirewall -m pkttype --pkt-type multicast -j ACCEPT 1463587872: /sbin/iptables -A fpbxfirewall -m pkttype --pkt-type multicast -j ACCEPT 1463587872: /sbin/ip6tables -A fpbxfirewall -p udp -m udp --dport 67:68 --sport 67:68 -j ACCEPT 1463587872: /sbin/iptables -A fpbxfirewall -p udp -m udp --dport 67:68 --sport 67:68 -j ACCEPT 1463587872: /sbin/iptables -N fpbx-rtp 1463587872: /sbin/ip6tables -N fpbx-rtp 1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbx-rtp 1463587872: /sbin/iptables -A fpbxfirewall -j fpbx-rtp 1463587872: /sbin/iptables -N fpbxblacklist 1463587872: /sbin/ip6tables -N fpbxblacklist 1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxblacklist 1463587872: /sbin/iptables -A fpbxfirewall -j fpbxblacklist 1463587872: /sbin/iptables -N fpbxsignalling 1463587872: /sbin/ip6tables -N fpbxsignalling 1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxsignalling 1463587872: /sbin/iptables -A fpbxfirewall -j fpbxsignalling 1463587872: /sbin/iptables -N fpbxsmarthosts 1463587872: /sbin/ip6tables -N fpbxsmarthosts 1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxsmarthosts 1463587872: /sbin/iptables -A fpbxfirewall -j fpbxsmarthosts 1463587872: /sbin/iptables -N fpbxregistrations 1463587872: /sbin/ip6tables -N fpbxregistrations 1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxregistrations 1463587872: /sbin/iptables -A fpbxfirewall -j fpbxregistrations 1463587872: /sbin/iptables -N fpbxnets 1463587872: /sbin/ip6tables -N fpbxnets 1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxnets 1463587872: /sbin/iptables -A fpbxfirewall -j fpbxnets 1463587872: /sbin/iptables -N fpbxhosts 1463587872: /sbin/ip6tables -N fpbxhosts 1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxhosts 1463587872: /sbin/iptables -A fpbxfirewall -j fpbxhosts 1463587872: /sbin/iptables -N fpbxinterfaces 1463587872: /sbin/ip6tables -N fpbxinterfaces 1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxinterfaces 1463587872: /sbin/iptables -A fpbxfirewall -j fpbxinterfaces 1463587872: /sbin/iptables -N fpbxreject 1463587872: /sbin/ip6tables -N fpbxreject 1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxreject 1463587872: /sbin/iptables -A fpbxfirewall -j fpbxreject 1463587872: /sbin/iptables -N fpbxrfw 1463587872: /sbin/ip6tables -N fpbxrfw 1463587872: /sbin/ip6tables -A fpbxfirewall -m mark --mark 0x2/0x2 -j fpbxrfw 1463587872: /sbin/iptables -A fpbxfirewall -m mark --mark 0x2/0x2 -j fpbxrfw 1463587872: /sbin/iptables -N fpbxlogdrop 1463587872: /sbin/ip6tables -N fpbxlogdrop 1463587872: /sbin/ip6tables -A fpbxfirewall -j fpbxlogdrop 1463587872: /sbin/iptables -A fpbxfirewall -j fpbxlogdrop 1463587872: /sbin/iptables -N zone-trusted 1463587872: /sbin/ip6tables -N zone-trusted 1463587872: /sbin/ip6tables -A zone-trusted -j ACCEPT 1463587872: /sbin/iptables -A zone-trusted -j ACCEPT 1463587872: /sbin/ip6tables -A fpbxrfw -m recent --set --name REPEAT --rsource 1463587872: /sbin/iptables -A fpbxrfw -m recent --set --name REPEAT --rsource 1463587872: /sbin/ip6tables -A fpbxrfw -m recent --set --name DISCOVERED --rsource 1463587872: /sbin/iptables -A fpbxrfw -m recent --set --name DISCOVERED --rsource 1463587872: /sbin/iptables -N fpbxattacker 1463587872: /sbin/ip6tables -N fpbxattacker 1463587872: /sbin/ip6tables -A fpbxrfw -m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --rsource -j fpbxattacker ip6tables: Invalid argument. Run `dmesg' for more information. 1463587872: /sbin/iptables -A fpbxrfw -m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --rsource -j fpbxattacker iptables: Invalid argument. Run `dmesg' for more information. 1463587872: /sbin/ip6tables -A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 1 --name ATTACKER --rsource -j fpbxattacker 1463587872: /sbin/iptables -A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 1 --name ATTACKER --rsource -j fpbxattacker 1463587872: /sbin/iptables -N fpbxshortblock 1463587872: /sbin/ip6tables -N fpbxshortblock 1463587872: /sbin/ip6tables -A fpbxrfw -m recent --rcheck --seconds 60 --hitcount 10 --name SIGNALLING --rsource -j fpbxshortblock 1463587872: /sbin/iptables -A fpbxrfw -m recent --rcheck --seconds 60 --hitcount 10 --name SIGNALLING --rsource -j fpbxshortblock 1463587872: /sbin/ip6tables -A fpbxrfw -m recent --set --name SIGNALLING --rsource 1463587872: /sbin/iptables -A fpbxrfw -m recent --set --name SIGNALLING --rsource 1463587872: /sbin/ip6tables -A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 100 --name REPEAT --rsource -j fpbxattacker ip6tables: Invalid argument. Run `dmesg' for more information. 1463587872: /sbin/iptables -A fpbxrfw -m recent --rcheck --seconds 86400 --hitcount 100 --name REPEAT --rsource -j fpbxattacker iptables: Invalid argument. Run `dmesg' for more information. 1463587872: /sbin/ip6tables -A fpbxrfw -j ACCEPT 1463587872: /sbin/iptables -A fpbxrfw -j ACCEPT 1463587872: /sbin/ip6tables -A fpbxattacker -m recent --set --name ATTACKER --rsource 1463587872: /sbin/iptables -A fpbxattacker -m recent --set --name ATTACKER --rsource 1463587872: /sbin/ip6tables -A fpbxattacker -j LOG --log-prefix 'attacker: ' 1463587872: /sbin/iptables -A fpbxattacker -j LOG --log-prefix 'attacker: ' 1463587872: /sbin/ip6tables -A fpbxattacker -j DROP 1463587872: /sbin/iptables -A fpbxattacker -j DROP 1463587872: /sbin/ip6tables -A fpbxshortblock -m recent --set --name CLAMPED --rsource 1463587872: /sbin/iptables -A fpbxshortblock -m recent --set --name CLAMPED --rsource 1463587872: /sbin/ip6tables -A fpbxshortblock -j LOG --log-prefix 'clamped: ' 1463587872: /sbin/iptables -A fpbxshortblock -j LOG --log-prefix 'clamped: ' 1463587872: /sbin/ip6tables -A fpbxshortblock -j REJECT 1463587872: /sbin/iptables -A fpbxshortblock -j REJECT 1463587872: /sbin/ip6tables -A fpbxlogdrop -j REJECT 1463587872: /sbin/iptables -A fpbxlogdrop -j REJECT 1463587872: /sbin/iptables -N fpbxknownreg 1463587872: /sbin/ip6tables -N fpbxknownreg 1463587872: /sbin/ip6tables -A fpbxknownreg -m mark --mark 0x1/0x1 -j ACCEPT 1463587872: /sbin/iptables -A fpbxknownreg -m mark --mark 0x1/0x1 -j ACCEPT 1463587872: /sbin/iptables -N fpbxsvc-ucp 1463587872: /sbin/ip6tables -N fpbxsvc-ucp 1463587872: /sbin/ip6tables -A fpbxknownreg -j fpbxsvc-ucp 1463587872: /sbin/iptables -A fpbxknownreg -j fpbxsvc-ucp 1463587872: /sbin/iptables -N fpbxsvc-zulu 1463587872: /sbin/ip6tables -N fpbxsvc-zulu 1463587872: /sbin/ip6tables -A fpbxknownreg -j fpbxsvc-zulu 1463587872: /sbin/iptables -A fpbxknownreg -j fpbxsvc-zulu 1463587872: /sbin/ip6tables -A fpbxinterfaces -i eth0 -j zone-trusted 1463587872: /sbin/iptables -A fpbxinterfaces -i eth0 -j zone-trusted 1463587872: /sbin/iptables -A fpbxnets -s 109.98.255.68/32 -j zone-trusted 1463587872: /sbin/iptables -A fpbxnets -s 109.98.255.0/24 -j zone-trusted 1463587873: /sbin/iptables -N fpbxsvc-ssh 1463587873: /sbin/ip6tables -N fpbxsvc-ssh 1463587873: /sbin/ip6tables -F fpbxsvc-ssh 1463587873: /sbin/ip6tables -A fpbxsvc-ssh -p tcp -m tcp --dport 22 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-ssh 1463587873: /sbin/iptables -A fpbxsvc-ssh -p tcp -m tcp --dport 22 -j ACCEPT 1463587873: /sbin/iptables -N zone-external 1463587873: /sbin/ip6tables -N zone-external 1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-ssh 1463587873: /sbin/iptables -N zone-internal 1463587873: /sbin/ip6tables -N zone-internal 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-ssh 1463587873: /sbin/iptables -A zone-external -j fpbxsvc-ssh 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-ssh 1463587873: /sbin/iptables -N fpbxsvc-http 1463587873: /sbin/ip6tables -N fpbxsvc-http 1463587873: /sbin/ip6tables -F fpbxsvc-http 1463587873: /sbin/ip6tables -A fpbxsvc-http -p tcp -m tcp --dport 80 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-http 1463587873: /sbin/iptables -A fpbxsvc-http -p tcp -m tcp --dport 80 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-http 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-http 1463587873: /sbin/iptables -N fpbxsvc-https 1463587873: /sbin/ip6tables -N fpbxsvc-https 1463587873: /sbin/ip6tables -F fpbxsvc-https 1463587873: /sbin/ip6tables -A fpbxsvc-https -p tcp -m tcp --dport 443 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-https 1463587873: /sbin/iptables -A fpbxsvc-https -p tcp -m tcp --dport 443 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-https 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-https 1463587873: /sbin/iptables -A zone-external -j fpbxsvc-https 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-https 1463587873: /sbin/ip6tables -F fpbxsvc-ucp 1463587873: /sbin/ip6tables -A fpbxsvc-ucp -p tcp -m tcp --dport 81 -j ACCEPT 1463587873: /sbin/ip6tables -A fpbxsvc-ucp -p tcp -m tcp --dport 8001 -j ACCEPT 1463587873: /sbin/ip6tables -A fpbxsvc-ucp -p tcp -m tcp --dport 8003 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-ucp 1463587873: /sbin/iptables -A fpbxsvc-ucp -p tcp -m tcp --dport 81 -j ACCEPT 1463587873: /sbin/iptables -A fpbxsvc-ucp -p tcp -m tcp --dport 8001 -j ACCEPT 1463587873: /sbin/iptables -A fpbxsvc-ucp -p tcp -m tcp --dport 8003 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-ucp 1463587873: /sbin/iptables -N zone-other 1463587873: /sbin/ip6tables -N zone-other 1463587873: /sbin/ip6tables -A zone-other -j fpbxsvc-ucp 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-ucp 1463587873: /sbin/iptables -A zone-external -j fpbxsvc-ucp 1463587873: /sbin/iptables -A zone-other -j fpbxsvc-ucp 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-ucp 1463587873: /sbin/iptables -N fpbxsvc-pjsip 1463587873: /sbin/ip6tables -N fpbxsvc-pjsip 1463587873: /sbin/ip6tables -F fpbxsvc-pjsip 1463587873: /sbin/ip6tables -A fpbxsvc-pjsip -p udp -m udp --dport 5060 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-pjsip 1463587873: /sbin/iptables -A fpbxsvc-pjsip -p udp -m udp --dport 5060 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-pjsip 1463587873: /sbin/ip6tables -A zone-other -j fpbxsvc-pjsip 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-pjsip 1463587873: /sbin/iptables -A zone-external -j fpbxsvc-pjsip 1463587873: /sbin/iptables -A zone-other -j fpbxsvc-pjsip 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-pjsip 1463587873: /sbin/iptables -N fpbxsvc-chansip 1463587873: /sbin/ip6tables -N fpbxsvc-chansip 1463587873: /sbin/ip6tables -F fpbxsvc-chansip 1463587873: /sbin/ip6tables -A fpbxsvc-chansip -p udp -m udp --dport 5061 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-chansip 1463587873: /sbin/iptables -A fpbxsvc-chansip -p udp -m udp --dport 5061 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-chansip 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-chansip 1463587873: /sbin/iptables -N fpbxsvc-iax 1463587873: /sbin/ip6tables -N fpbxsvc-iax 1463587873: /sbin/ip6tables -F fpbxsvc-iax 1463587873: /sbin/ip6tables -A fpbxsvc-iax -p udp -m udp --dport 4569 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-iax 1463587873: /sbin/iptables -A fpbxsvc-iax -p udp -m udp --dport 4569 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-iax 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-iax 1463587873: /sbin/iptables -N fpbxsvc-webrtc 1463587873: /sbin/ip6tables -N fpbxsvc-webrtc 1463587873: /sbin/ip6tables -F fpbxsvc-webrtc 1463587873: /sbin/ip6tables -A fpbxsvc-webrtc -p tcp -m tcp --dport 8088 -j ACCEPT 1463587873: /sbin/ip6tables -A fpbxsvc-webrtc -p tcp -m tcp --dport 8089 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-webrtc 1463587873: /sbin/iptables -A fpbxsvc-webrtc -p tcp -m tcp --dport 8088 -j ACCEPT 1463587873: /sbin/iptables -A fpbxsvc-webrtc -p tcp -m tcp --dport 8089 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-webrtc 1463587873: /sbin/iptables -A zone-external -j fpbxsvc-webrtc 1463587873: /sbin/iptables -N fpbxsvc-isymphony 1463587873: /sbin/ip6tables -N fpbxsvc-isymphony 1463587873: /sbin/ip6tables -F fpbxsvc-isymphony 1463587873: /sbin/ip6tables -A fpbxsvc-isymphony -p tcp -m tcp --dport 58080 -j ACCEPT 1463587873: /sbin/ip6tables -A fpbxsvc-isymphony -p tcp -m tcp --dport 55050 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-isymphony 1463587873: /sbin/iptables -A fpbxsvc-isymphony -p tcp -m tcp --dport 58080 -j ACCEPT 1463587873: /sbin/iptables -A fpbxsvc-isymphony -p tcp -m tcp --dport 55050 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-isymphony 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-isymphony 1463587873: /sbin/iptables -A zone-external -j fpbxsvc-isymphony 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-isymphony 1463587873: /sbin/iptables -N fpbxsvc-provis 1463587873: /sbin/ip6tables -N fpbxsvc-provis 1463587873: /sbin/ip6tables -F fpbxsvc-provis 1463587873: /sbin/ip6tables -A fpbxsvc-provis -p tcp -m tcp --dport 83 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-provis 1463587873: /sbin/iptables -A fpbxsvc-provis -p tcp -m tcp --dport 83 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-other -j fpbxsvc-provis 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-provis 1463587873: /sbin/iptables -A zone-other -j fpbxsvc-provis 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-provis 1463587873: /sbin/iptables -N fpbxsvc-vpn 1463587873: /sbin/ip6tables -N fpbxsvc-vpn 1463587873: /sbin/ip6tables -F fpbxsvc-vpn 1463587873: /sbin/ip6tables -A fpbxsvc-vpn -p udp -m udp --dport 1194 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-vpn 1463587873: /sbin/iptables -A fpbxsvc-vpn -p udp -m udp --dport 1194 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-vpn 1463587873: /sbin/ip6tables -A zone-other -j fpbxsvc-vpn 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-vpn 1463587873: /sbin/iptables -A zone-external -j fpbxsvc-vpn 1463587873: /sbin/iptables -A zone-other -j fpbxsvc-vpn 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-vpn 1463587873: /sbin/iptables -N fpbxsvc-restapps 1463587873: /sbin/ip6tables -N fpbxsvc-restapps 1463587873: /sbin/ip6tables -F fpbxsvc-restapps 1463587873: /sbin/ip6tables -A fpbxsvc-restapps -p tcp -m tcp --dport 84 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-restapps 1463587873: /sbin/iptables -A fpbxsvc-restapps -p tcp -m tcp --dport 84 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-restapps 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-restapps 1463587873: /sbin/iptables -N fpbxsvc-xmpp 1463587873: /sbin/ip6tables -N fpbxsvc-xmpp 1463587873: /sbin/ip6tables -F fpbxsvc-xmpp 1463587873: /sbin/ip6tables -A fpbxsvc-xmpp -p tcp -m tcp --dport 5222 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-xmpp 1463587873: /sbin/iptables -A fpbxsvc-xmpp -p tcp -m tcp --dport 5222 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-external -j fpbxsvc-xmpp 1463587873: /sbin/ip6tables -A zone-other -j fpbxsvc-xmpp 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-xmpp 1463587873: /sbin/iptables -A zone-external -j fpbxsvc-xmpp 1463587873: /sbin/iptables -A zone-other -j fpbxsvc-xmpp 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-xmpp 1463587873: /sbin/iptables -N fpbxsvc-ftp 1463587873: /sbin/ip6tables -N fpbxsvc-ftp 1463587873: /sbin/ip6tables -F fpbxsvc-ftp 1463587873: /sbin/ip6tables -A fpbxsvc-ftp -p tcp -m tcp --dport 21 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-ftp 1463587873: /sbin/iptables -A fpbxsvc-ftp -p tcp -m tcp --dport 21 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-ftp 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-ftp 1463587873: /sbin/iptables -N fpbxsvc-tftp 1463587873: /sbin/ip6tables -N fpbxsvc-tftp 1463587873: /sbin/ip6tables -F fpbxsvc-tftp 1463587873: /sbin/ip6tables -A fpbxsvc-tftp -p udp -m udp --dport 69 -j ACCEPT 1463587873: /sbin/iptables -F fpbxsvc-tftp 1463587873: /sbin/iptables -A fpbxsvc-tftp -p udp -m udp --dport 69 -j ACCEPT 1463587873: /sbin/ip6tables -A zone-internal -j fpbxsvc-tftp 1463587873: /sbin/iptables -A zone-internal -j fpbxsvc-tftp 1463587873: /sbin/iptables -N fpbxsvc-nfs 1463587873: /sbin/ip6tables -N fpbxsvc-nfs 1463587873: /sbin/iptables -N rejsvc-nfs 1463587873: /sbin/ip6tables -N rejsvc-nfs 1463587873: /sbin/ip6tables -A fpbxreject -j rejsvc-nfs 1463587873: /sbin/iptables -A fpbxreject -j rejsvc-nfs 1463587873: /sbin/iptables -N fpbxsvc-smb 1463587873: /sbin/ip6tables -N fpbxsvc-smb 1463587873: /sbin/iptables -N rejsvc-smb 1463587873: /sbin/ip6tables -N rejsvc-smb 1463587873: /sbin/ip6tables -A fpbxreject -j rejsvc-smb 1463587873: /sbin/iptables -A fpbxreject -j rejsvc-smb 1463587873: /sbin/ip6tables -A fpbx-rtp -p udp -m udp --dport 10000:20000 -j ACCEPT 1463587873: /sbin/ip6tables -A fpbx-rtp -p udp -m udp --dport 4000:4999 -j ACCEPT 1463587873: /sbin/iptables -A fpbx-rtp -p udp -m udp --dport 10000:20000 -j ACCEPT 1463587873: /sbin/iptables -A fpbx-rtp -p udp -m udp --dport 4000:4999 -j ACCEPT 1463587873: /sbin/iptables -A fpbxsignalling -p udp -m udp --dport 5061 -j MARK --set-xmark 0x1/0xffffffff 1463587873: /sbin/iptables -A fpbxsignalling -p udp -m udp --dport 5060 -j MARK --set-xmark 0x1/0xffffffff 1463587873: /sbin/ip6tables -A fpbxhosts -s ::1/128 -j zone-trusted 1463587873: /sbin/iptables -A fpbxhosts -s 127.0.0.1/32 -j zone-trusted rfw rule 2 not valid (Is '-m recent --rcheck --seconds 86400 --hitcount 1 --name ATTACKER --rsource -j fpbxattacker', should start with '-m recent --rcheck --seconds 10 --hitcount 50 --name REPEAT --rsource') THIS MAY BE A KERNEL ISSUE. IF THIS KEEPS OCCURRING REBOOT YOUR MACHINE URGENTLY. 1463587908: Wall: 'Firewall Rules corrupted! Restarting in 5 seconds More information available in /tmp/firewall.log ' returned 0 ERROR Unable to contact server. Is it running? PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /var/www/html/admin/modules/sysadmin/hooks/fail2ban-generate on line 76 ERROR Unable to contact server. Is it running?
-
I should note that eth0 was not set to trusted in the interface. It was set to external.
-
Module version was 13.0.28. Looks like a number of people reporting this error with 13.0.26 from two weeks ago.
-
-
@scottalanmiller said in Sangoma Responsive Firewall Error on FreePBX:
I should note that eth0 was not set to trusted in the interface. It was set to external.
Interesting that your setting seems not applied. If there are reports of errors, I would roll it back.
I had a weird error on reboot at one point over the weekend, but everything was good after that.
The FreePBX GUI makes it easy to roll back a module at least.
Click check online in module admin and then you can see the "Previous" option in the module info that will show you the rollback buttons.
-
@scottalanmiller official issue tracker report: http://issues.freepbx.org/browse/FREEPBX-12342
-
New install, no rollbacks.
-
@scottalanmiller said in Sangoma Responsive Firewall Error on FreePBX:
New install, no rollbacks.
You can still roll it back to a prior version.
-
@scottalanmiller You did not click the "Check Online" button first. Once you do, you will have the option as stated previously.
-
@JaredBusch said in Sangoma Responsive Firewall Error on FreePBX:
@scottalanmiller official issue tracker report: http://issues.freepbx.org/browse/FREEPBX-12342
LOL, got reported as I was discovering it
-
@JaredBusch said in Sangoma Responsive Firewall Error on FreePBX:
@scottalanmiller You did not click the "Check Online" button first. Once you do, you will have the option as stated previously.
I did that, actually. Let me try again.
-
That worked (the rollback)... testing 3.0.27.1
-
Looks like that one is working, thanks.