Firewall Blacklist/Whitelist

rossiv

Guru
Joined
Oct 26, 2008
Messages
2,624
Reaction score
139
:( It is not working for me. I have a self-hosted (Public IP) box and to test it, I set IPTables to drop all packets from my IP address but I could still register a phone and use the system as normal. I ran the ./firewall-whitelist-gen.sh and ./firewall-whitelist.sh and Applied configuration in Webmin - but that made no difference. I am running 1.7.5.5.3 Purple.
Thanks!
 

kh40s

Guru
Joined
Nov 21, 2010
Messages
87
Reaction score
0

Can you post the output of "iptables -vnL" and tell us what the IP address of the blocked phone is?
 

rossiv

Guru
Joined
Oct 26, 2008
Messages
2,624
Reaction score
139
Well I would, but my server is not responding and I think I blocked myself from it... :D And it is 40 miles away from me..... OR it somehow turned itself off or the power went out or something. If I can get access to it again, I will post back.
 

jroper

Guru
Joined
Oct 20, 2007
Messages
3,832
Reaction score
71
Hi

I see your script opens up IP Tables for your Voice over IP providers, if I have read your script properly.

You advocate not opening an external firewall to SIP providers, simply choosing the right SIP provider, and the right router, yet the script opens these ports to the carrier's IP address on IP-Tables.

I think that these should only be opened if the carrier is sending DID to you over SIP without authentication.

Can you explain further why opening the ports on IP-Tables to carriers is necessary in this scenario but not where an external hardware firewall is concerned?

Joe
 

dad311

Guru
Joined
Jan 13, 2008
Messages
604
Reaction score
2
I've installed these scripts on two machines and have the same issue on both.

The scripts run, the running firewall is updated, the iptables gets copied, but the iptables file is not updated.

Basically, no whitelist after a reboot or iptables restart.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,201
Reaction score
5,220
After running the two scripts,

Try doing: service iptables save

Check to see if they're still there: iptables -nL

Reload iptables: service iptables restart

Check to see if they're still there: iptables -nL
 

dad311

Guru
Joined
Jan 13, 2008
Messages
604
Reaction score
2
"Service iptables save" fixed my issue.

I checked the script, and this command is commented out at the end of the script.
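
The symptom in this thread (whitelist rules present in the running firewall but gone after a reboot or "service iptables restart") can be confirmed by comparing iptables-save output with the saved rules file. The script below is an added example, not part of the thread or of the whitelist scripts; the path /etc/sysconfig/iptables and the function names unsaved_rules and demo are assumptions, and the sample dumps are constructed.

```shell
#!/bin/sh
# Assumption: "service iptables restart" reloads /etc/sysconfig/iptables
# (usual CentOS/RHEL location; the thread does not name the file).
SAVED_RULES=/etc/sysconfig/iptables

# unsaved_rules RUNNING_DUMP SAVED_FILE
# Print each "-A" rule in RUNNING_DUMP (iptables-save format) that is absent
# from SAVED_FILE. A missing SAVED_FILE means every running rule is reported.
unsaved_rules() {
    saved=$2
    [ -r "$saved" ] || saved=/dev/null
    awk -v saved_file="$saved" '
        FNR == 1 { table = "" }
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }       # drop packet/byte counters
        /^\*/    { table = substr($0, 2); next } # "*filter" starts a table
        !/^-A /  { next }                        # skip comments, policies, COMMIT
        { gsub(/[ \t]+/, " "); sub(/ $/, ""); key = table ": " $0 }
        FILENAME == saved_file { seen[key] = 1; next }
        !(key in seen) { print key }
    ' "$saved" "$1"
}

# demo: run the comparison on constructed sample dumps (documentation IPs).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/running" <<'EOF'
# constructed: iptables-save output after the whitelist scripts ran
*filter
:INPUT DROP [0:0]
[12:840] -A INPUT -i lo -j ACCEPT
[3:1500] -A INPUT -s 203.0.113.10/32 -p udp -m udp --dport 5060 -j ACCEPT
COMMIT
EOF
    cat > "$dir/saved" <<'EOF'
# constructed: saved rules file written before the scripts ran
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
    unsaved_rules "$dir/running" "$dir/saved"
    rm -rf "$dir"
}

# With --live (as root): compare the kernel's current rules to the saved file.
if [ "${1:-}" = "--live" ]; then
    live=$(mktemp) && iptables-save > "$live" && unsaved_rules "$live" "$SAVED_RULES"
    rm -f "$live"
fi
```

Any line it prints is a rule that will disappear on the next restart. The comparison is a set difference, so it does not detect rules that were saved in a different order.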
 
