Updated 9/21/2019 and firewalld is not working.

This topic has 24 replies, 2 voices, and was last updated 1 year ago by Steve.

Post

- September 21, 2019 at 1:03 pm
- Quote
Steve
Participant

I just updated Centos 7 to Centos 7.7 and now the firewalld isn’t working Well it’s working but it isn’t looking at any rules that I have set up in VitalPBX. Is there an issue with Centos 7.7 and VitalPBX :

VitalPBX 2.3.6-1
Asterisk 16.5.0-1
DAHDI 2.11.1-7

Please let me know if there is a fix for the firewall and fail2ban working with VitalPBX.

Thank you.

0

Viewing 15 replies - 1 through 15 (of 24 total)

1 2 →

Replies

- September 21, 2019 at 1:06 pm
- Quote
Steve
Participant

Up
0
Down

In looking at messages there are all kinds of firewalld errors.

I will keep searching.

0
- September 21, 2019 at 1:12 pm
- Quote
Jose Miguel Rivera
Keymaster

Up
0
Down

This a known issue by Centos & Redhat: https://bugs.centos.org/view.php?id=16425&nbn=7

You may fix this on VitalPBX removing the mdns rule from the firewall.

0
- September 21, 2019 at 5:09 pm
- Quote
Steve
Participant

Up
0
Down

Thanks for the help. I did the following:

firewall-cmd –permanent –direct –add-rule ipv6 filter OUTPUT 0 -p udp –dport=5353 -j DROP firewall-cmd –permanent –direct –add-rule ipv4 filter OUTPUT 0 -p udp –dport=5353 -j DROP firewall-cmd –reload

Then I got:

Error: COMMAND_FAILED: argument of type ‘Rich_Destination’ is not iterable.

I am again stuck, could you advise if this is correct or incorrect what how to “removing the mdns rule from the firewall” is how I should have attempted it?

TIA.

0
- September 21, 2019 at 5:10 pm
- Quote
Steve
Participant

Up
0
Down

I did this from instruction from:

https://www.ctrl.blog/entry/how-to-disable-mdns-linux.html

0
- September 21, 2019 at 5:26 pm
- Quote
Jose Miguel Rivera
Keymaster

Up
0
Down

I was talking about removing the rule from VitalPBX’s GUI. Check the picture attached.

Screenshot_982.png

0
- September 21, 2019 at 5:32 pm
- Quote
Steve
Participant

Up
0
Down

Sorry, I miss understood. I will restore a previous backup and then do a yum update and then go in and remove the mdns.

Thank you for the clarification

0
- September 21, 2019 at 6:05 pm
- Quote
Steve
Participant

Up
0
Down

Thanks very much. I will

0
- September 21, 2019 at 6:06 pm
- Quote
Jose Miguel Rivera
Keymaster

Up
0
Down

You’re welcome

0
- September 21, 2019 at 6:08 pm
- Quote
Steve
Participant

Up
0
Down

I removed that rule from firewalld via the VitalPBX web interface. I rebooted after the yum update and I still can’t get back into VitalPBX. None of the rules are being added back in. They are in the web interface but not being loaded into firewalld. All that iptables -S shows is attached.

Capture.PNG

0
- September 21, 2019 at 6:11 pm
- Quote
Steve
Participant

Up
0
Down

There are several errors stating iptables-restore are failing.

0
- September 21, 2019 at 6:12 pm
- Quote
Jose Miguel Rivera
Keymaster

Up
0
Down

Try restarting firewalld

0
- September 21, 2019 at 6:14 pm
- Quote
Steve
Participant

Up
0
Down

I did, I even rebooted.

0
- September 21, 2019 at 6:15 pm
- Quote
Jose Miguel Rivera
Keymaster

Up
0
Down

Do you have any other firewall rule with source or destination defined?

0
- September 21, 2019 at 6:18 pm
- Quote
Steve
Participant

Up
0
Down

Yes. The pbx is installed on a VPS and I only allow my remote site access along with my trunk providers. The only thing that is wide open in RTP and openvpn.

I open all ports between my VPS and the static IP address that I have the phones other wide everthing is pretty much closed.

0
- September 21, 2019 at 6:22 pm
- Quote
Steve
Participant

Up
0
Down

I used to remove firewalld and used iptables by themselves until VitalPBX came out with OpenVPN and decided to stick with ‘out-of-the’box vs. going back to just ipeables. I haven’t really learned firewalld yet, I am not bad with just iptables. I realize that firewalld is a different intrface that sets up iptables. That is why I always went back to iptables and removed firewalld in the past. This installation is only a couple months old with 100% VitalPBX.

0