Updated 9/21/2019 and firewalld is not working.


  • This topic has 24 replies, 2 voices, and was last updated 1 year ago by Steve.
  • Post
    Steve
    Participant

    I just updated Centos 7 to Centos 7.7 and now the firewalld isn’t working. Well, it’s working, but it isn’t looking at any rules that I have set up in VitalPBX. Is there an issue with Centos 7.7 and VitalPBX:

    VitalPBX 2.3.6-1
    Asterisk 16.5.0-1
    DAHDI 2.11.1-7

    Please let me know if there is a fix for the firewall and fail2ban working with VitalPBX.

    Thank you.

Viewing 9 replies - 16 through 24 (of 24 total)
  • Replies
    Up
    0
    Down

    Ok, the error is that when you define a source or destination for a firewall rule, firewalld complains and sends the following message: COMMAND_FAILED: argument of type ‘Rich_Destination’ is not iterable.

    Steve
    Participant

    You mean that now I have to open it to the world and can’t only allow certain ports to/from a single IP address or two?

    If so, that kind of defeats the purpose of a firewall doesn’t it?  It opens it up to more hackers to try to hack the pbx?

    If so, looks like I will have to go back and not do an upgrade to Centos 7.7?  Maybe I am missing your point again.

    Steve
    Participant

    Is this true, we aren’t able to allow specific IP addresses since the last Centos update?

    Up
    0
    Down

    As I told you before, this is an issue of Centos 7.7; we expect this to get fixed in the next Centos version or in the next version of firewalld.

    Steve
    Participant

    Thank you, I know you told me this. You also told me that by removing the mdns entry it should work, but it didn’t.

    I am trying to decide how I can protect my pbx since the firewall is not broken.  I asked that question.  Since there is no solution at this time, I will go back to what I had without the Centos 7.7 upgrade.

    That was my question, if I can keep this at Centos 7.7 or go back.  So it was not clear to me what I should do. Since you “told me already”, as you stated, I apologize for not understanding.

    Sorry for being stupid.

    Up
    0
    Down

    Answering your questions:

    • Yes, you should go back to the Centos version before Centos 7.7.
    • I told you that by removing the mdns rule the error would get fixed because I believed you were using the default firewall rules.

    Now, I would like to explain the issue related to Centos 7.7 and firewalld more deeply and clearly. The issue happens when a rich rule is defined with a source or destination. Since the default firewall for VitalPBX only comes with one rule that has a destination (mdns), removing this rule is more than enough. However, if you have other custom rules with a source and destination, you will have to remove those rules or remove the source and destination from them.

    On the other hand, we are working on a solution for this, and we hope to have one soon.

    0
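    An added example, not part of the original post or of VitalPBX: a small audit that lists which rich rules in a firewalld zone file carry a source or destination (the rules the reply above says trigger the error), and which accept rules have no source restriction at all. The zone XML below is constructed sample data, and reading the real file from /etc/firewalld/zones/ is an assumption about where the rules are stored.

```python
import xml.etree.ElementTree as ET

# Constructed sample zone file; addresses are illustrative only.
SAMPLE_ZONE = """<zone>
  <service name="ssh"/>
  <rule family="ipv4">
    <destination address="224.0.0.251"/>
    <port port="5353" protocol="udp"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="203.0.113.10"/>
    <port port="5060" protocol="udp"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <port port="10000-20000" protocol="udp"/>
    <accept/>
  </rule>
</zone>
"""

def describe(rule):
    """Short human-readable summary of one <rule> element."""
    parts = []
    for child in rule:
        attrs = " ".join(f'{k}="{v}"' for k, v in sorted(child.attrib.items()))
        parts.append(f"{child.tag} {attrs}".strip())
    return "; ".join(parts)

def affected_rules(zone_xml):
    """Rich rules that define a source or destination: (index, fields, summary)."""
    hits = []
    for idx, rule in enumerate(ET.fromstring(zone_xml).findall("rule"), start=1):
        fields = [t for t in ("source", "destination") if rule.find(t) is not None]
        if fields:
            hits.append((idx, fields, describe(rule)))
    return hits

def unrestricted_accept_rules(zone_xml):
    """Indexes of accept rules with no <source>, i.e. reachable from any address."""
    rules = ET.fromstring(zone_xml).findall("rule")
    return [i for i, r in enumerate(rules, start=1)
            if r.find("accept") is not None and r.find("source") is None]

if __name__ == "__main__":
    for idx, fields, summary in affected_rules(SAMPLE_ZONE):
        print(f"rule {idx}: uses {'/'.join(fields)} -> {summary}")
    print("accept rules open to any source:", unrestricted_accept_rules(SAMPLE_ZONE))
```

    Running the second check again after stripping a source from a rule shows which ports that workaround leaves reachable from any address.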
    Up
    0
    Down

    We have just released our own version of firewalld with the fix included, so you must update firewalld to this version by following these steps:

    yum clean all
    rm -rf /var/cache/yum/
    yum update firewalld

    Please let me know if this fixes the issue.

    Steve
    Participant

    Has this been resolved in 2.3.6-1?

    If it hasn’t and it is fixed, would the best way be to do a yum update to get the fix and any other fixes that come down the road?

    I would like to be able to limit certain ports only allowed from specific ip addresses vs. relying on fail2ban to catch everything.

    Steve
    Participant

    I do believe the above fixes the issue.  I did the fix above and did a yum update all to get all the updates needed.  Just in case I ran your yum commands again.

    iptables seem to load as expected now.

    It looks like all of my rules loaded as expected also.

    I made some test calls in/out and everything appears to work now as expected.

    Thank you kindly.

  • The topic ‘Updated 9/21/2019 and firewalld is not working.’ is closed to new replies.