NEWS FLASH Proprietary Distro Gets Proprietary Firewall... finally

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
The only distro that never had a firewall finally does. For an entertaining look at why it needed to be just as proprietary as The Distro itself, don't miss Rob's diatribe explaining how awful the open source products of others are. Then look around here and count how many firewall-related complaints have been lodged and how many compromised servers have been reported over the past 3 years.

No mention of how many compromised servers they've had over the past several years because of NO FIREWALL.

Can't make this stuff up, but glad they finally came to their senses... :wub:
 

TheShniz

Guru
Joined
Nov 15, 2007
Messages
560
Reaction score
2
1.) Doesn't CentOS7 (their preferred distro for v13) replace iptables w/ firewalld? Their wiki says it requires iptables, but github says it supports CentOS7 (presumably w/ iptables instead)

2.) I look at this as yet another bait-and-switch identical to them not releasing MWI hints for shared voicemail boxes (a fundamental/expected feature) for other distros and there is absolutely no reason for it... still waiting for this one, hopefully Asterisk 13 will have it builtin.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
1.) Doesn't CentOS7 (their preferred distro for v13) replace iptables w/ firewalld? Their wiki says it requires iptables, but github says it supports CentOS7 (presumably w/ iptables instead)


You're correct. Problem was that Rob couldn't get it to work with his new BeAll/EndAll Firewall. :shuriken:
 
Joined
Oct 8, 2015
Messages
6
Reaction score
0
1.) Doesn't CentOS7 (their preferred distro for v13) replace iptables w/ firewalld? Their wiki says it requires iptables, but github says it supports CentOS7 (presumably w/ iptables instead)

2.) I look at this as yet another bait-and-switch identical to them not releasing MWI hints for shared voicemail boxes (a fundamental/expected feature) for other distros and there is absolutely no reason for it... still waiting for this one, hopefully Asterisk 13 will have it builtin.


At the moment, the 13 distro runs on 6.something, not 7.
Use of iptables vs firewalld has been talked about pretty in depth on the forum, as well as IRC. Here is a link to the post regarding firewall development, in case you have trouble finding it (Ward also linked it, above). If you've got a concern that isn't addressed by what's been said, then speak up and say something about it. I'm not sure what your point is here, though; iptables is by far the more widely deployed/used/developed-for and generally understood tool. Are you insinuating that this is "awful" because it hasn't yet accommodated firewalld [just noticed this wasn't the other commenter. i hate forums, dammit]? If this really does concern you, join #freepbx and ask about it. The best thing that could happen is that people start talking.

Your second point is incorrect, aside from being utterly unrelated to this. That was recognized here: http://pbxinaflash.com/community/in...blf-with-freepbx-2-11.12633/page-2#post-95372. If you are referring to something else, please be specific.

If you could help me understand how this constitutes a "bait and switch", I'd appreciate it. I'm not going to get into the subjective discussion about whether "a distro" should/shouldn't include a firewall - if you think that someone is somehow obligated to include a feature with a piece of software they offer for free, simply because it follows your principles of design, then I suggest you start designing software yourself, as you will never be satisfied. I would, however, like to know where you're coming to the conclusion that this is something other than what it is.

Thanks
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
I was responding to the firewalld issue, not the version of RHEL. Who cares??

For the record, RHEL6 = CentOS 6 = Scientific Linux 6

Aside from branding, the real difference is you get to pay for RHEL6 so it shouldn't come as much of a surprise that the FreePBX Distro chose it as their future platform.
 
Joined
Oct 8, 2015
Messages
6
Reaction score
0
Ward
I wasn't responding to you; note the large quote from someone else at the top of my response. You don't need to record that here - it's pretty much common knowledge. Are you trying to convince people they will need to somehow pay to use the FreePBX distro, because RHEL has a paid model?
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
Haven't looked at RHEL in many years. Last time I checked, you couldn't download it without a paid up subscription. Maybe things have changed. Don't know and don't really care. Good to see the FreePBX folks getting out of the proprietary OS business. I guess that's a start.

As for PIAF and Incredible PBX, Scientific Linux works fine for our purposes with the identical code base and... NoGotchas!
 
Joined
Oct 8, 2015
Messages
6
Reaction score
0
Haven't looked at RHEL in many years. Last time I checked, you couldn't download it without a paid up subscription. Maybe things have changed. Don't know and don't really care. Good to see the FreePBX folks getting out of the proprietary OS business. I guess that's a start.

As for PIAF and Incredible PBX, Scientific Linux works fine for our purposes with the identical code base and... NoGotchas!


So what you're saying is that what you said prior has absolutely nothing to do with reality. The 'official' distro uses CentOS, not RHEL, nor have I ever heard anything regarding that happening. It wouldn't even make sense - if we're just going to predict random things occurring, I would actually say moving to Debian would be more likely, granted they solve whatever problems exist with Zend and whatnot (see? I can make unfounded predictions, too!). Saying a move to RHEL IS happening is nothing but an attempt to scare people into doing whatever it is you think they should be - which, from what I can tell, is paying you to maintain your own distribution. Which is fine. I wish there were more options. It would be spectacular if I had a reasonable choice - but the way you're going about this is beyond reason.
At best it maintains your ego as super-folkhero of the open telephony community, at worst you're trying to polarize a group that has no reason to be polarized, while profiting off whatever you can scrape to your side. I honestly can't see any other motivation at this point. You've turned a discussion about a literally open-source firewall module, for a literally open-source compilation of software and their respective configurations (of which you depend on for your own, repackaged, applications) into a grandstanding speech for your completely off-base predictions for the future of a competing product. It is bizarre; seriously, really bizarre. This is your forum, your space, you have a chance to lead the conversation wherever you want to, and this is where we are.
I'll be super clear for anyone that didn't read between the lines there. The FreePBX distro, available from freepbx.org as an ISO, uses CentOS, not RHEL, and does not require any amount of paid subscriptions or anything else to Redhat. None. You are welcome to download, install, and use it 100% freely, without paying a cent to anyone. You're able to download, install, and maintain the same software on most other distributions; the difference is the suite of software used to license and validate commercial, non-OSS modules is currently available using CentOS 6.x (don't quote me on exact versions, I don't know off hand and don't really care - it's so irrelevant to this conversation it hurts). CentOS is not a proprietary OS any more than anything else - as I'm writing this, I'm installing PIAF on a CentOS 6.5 VM. There is literally no difference in the underlying OS; I can install FreePBX from source and have the same functionality as the official distro would. I'm going to curse now, because I don't know how else to handle the situation - what the fuck does "Proprietary OS business" mean? Let's check what CentOS says:

CentOS Linux is a community-supported distribution derived from sources freely provided to the public by Red Hat for Red Hat Enterprise Linux (RHEL). As such, CentOS Linux aims to be functionally compatible with RHEL. The CentOS Project mainly changes packages to remove upstream vendor branding and artwork. CentOS Linux is no-cost and free to redistribute. Each CentOS version is maintained for up to 10 years (by means of security updates -- the duration of the support interval by Red Hat has varied over time with respect to Sources released). A new CentOS version is released approximately every 2 years and each CentOS version is periodically updated (roughly every 6 months) to support newer hardware. This results in a secure, low-maintenance, reliable, predictable and reproducible Linux environment.

But who reads wikis. I asked in #centos:

9:30 PM <lorsungcu> Hello; just curious; would any of you describe CentOS as being 'proprietary'?
9:32 PM <Motoko> I woulnd't.
9:32 PM <Motoko> wouldn't.
9:33 PM <Motoko> You can rebuild everything from the provided source code.
Disclaimer: I don't know that guy, nor does he know I posted this. Yes, I'm being petty. Let's move on to the next reply:

As for whether you'll have to pay to use the FreePBX Distro, one thing is clear. You will not be able to redistribute it. Not much to like about that.

You will not be able to redistribute _what_? Stop linking to your ad-infested blog. Say what you mean, and be specific. If you're referring to something commercial, that someone made for-profit, and outside the realm of the GPL or whatever you think is going on, then no, you can't just redistribute others' work because you feel entitled to their efforts. It doesn't work that way. So again, be absolutely specific, preferably in a bulleted list, about what you think you are entitled to that is not being provided. I can't respond to your blog, and I will not give you the ad revenue of another click.
 
Joined
Oct 8, 2015
Messages
6
Reaction score
0
You're correct. Problem was that Rob couldn't get it to work with his new BeAll/EndAll Firewall. :shuriken:


As an aside, while wading through the mess that are install instructions, I came across this gem:


CAUTION: Installing Incredible PBX on the CentOS 7 platform is still a work in progress that is suitable for pioneers only. For production systems, stick with 6.5/6.6.

I mean, if you're going to expect someone else to support CentOS7 on an initial release of a free module, the least you could do is, oh, i don't know, support it whatsoever in your own distribution? Or is it (by definition, really), a BEaLL/ENDall distribution (this whole name calling business is exciting)?
 

kenn10

Well-Known Member
Joined
Dec 16, 2007
Messages
3,764
Reaction score
2,173
OK. So a new member comes on the discussion board and immediately starts a fight. Doesn't sound like someone who has any interest in PIAF to me.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
So what you're saying is that what you said prior has absolutely nothing to do with reality. The 'official' distro uses CentOS, not RHEL, nor have I ever heard anything regarding that happening. It wouldn't even make sense...

Saying a move to RHEL IS happening is nothing but an attempt to scare people...


That's as far as I've read in your post. But here's the reality since you appear to be in to that...

CRCefKVW8AAl5YD.jpg
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
OK. So a new member comes on the discussion board and immediately starts a fight. Doesn't sound like someone who has any interest in PIAF to me.


Yeah. But the hit-and-run usually ends abruptly once the facts appear and we cut through the bull:001 9898: . Then the guy disappears, and another fanboy chimes in a few months later. How many times have we seen this? I guess it gets them in the mood for AstriCon where they can pat each other on the back.


Giving frogs a bad name since 2005.
 
Joined
Oct 8, 2015
Messages
6
Reaction score
0
Yeah. But the hit-and-run usually ends abruptly once the facts appear and we cut through the bull:001 9898: . Then the guy disappears, and another fanboy chimes in a few months later. How many times have we seen this? I guess it gets them in the mood for AstriCon where they can pat each other on the back.

I haven't gone anywhere; I'm waiting for anyone I've replied to to actually respond to me legitimately. No one has cut through any bull; I'm not sure if you're referring to being called out, or if there's something about what I said you think isn't true (again, specifics would be great!).

...
 

billsimon

Well-Known Member
Joined
Jan 2, 2011
Messages
1,534
Reaction score
727
Not sure what you hope to gain by defending FreePBX Distro in the PIAF forum. Both FreePBX Distro and PIAF can be downloaded for free and evaluated, so if you are interested in comparing them, install them and compare. If you don't like some aspects of both of them, it is actually pretty straightforward to build Asterisk and then add FreePBX and whatever other add-ons you want. I did it that way for a long time, but now I just use an installer.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
Let me post the tweet for you again, Cullen Lorsung. Your comments all suggested that I had somehow made up the bit about the FreePBX Distro being released on RHEL. In case you didn't know, RHEL and EL are the same animal. RHEL = Red Hat Enterprise Linux. EL = Enterprise Linux (produced by Red Hat). RHEL = EL. EL6 does not equal CentOS6! They have very different licenses. The suggestion that the FreePBX Distro was being developed and released on EL6 came from James, not from me. SEE BELOW! If you want to call someone out for making stuff up, you're barking up the wrong tree. Talk to him.

FYI: The PIAF Forum is a family-friendly forum that is suitable for all ages. Kindly take your foul language and personal attacks elsewhere.

CRCefKVW8AAl5YD.jpg
 

hecatae

resident hecatae
Joined
Feb 7, 2014
Messages
760
Reaction score
199
What don't you like about it?


/me grabs popcorn, reading https://www.freepbx.org/robs-twist-on-why-you-need-a-firewall-really/ and http://community.freepbx.org/t/the-ongoing-firewall-saga-2nd-post-has-status/31067

@lorsungcu I will catch up with you on irc.freenode.net #freepbx and ask you a few questions, I also notice that mbellot has not replied to you, yes the default avatar on the forum is off putting until you read the username underneath you could assume it was the same poster.

I'm surprised by the screenshots that Sangoma has put their name on the firewall, unless this is just in testing, what information is sent to Sangoma via the SysAdmin module, and what information do you log to stop someone from suing Sangoma when they get hacked when they have the active Sangoma Firewall in place?

Lastly is there any reason to not advise someone to use existing tools like UFW/FirewallD, see FusionPBX's example on their wiki: http://wiki.fusionpbx.com/index.php?title=Ubuntu_Firewall ?

PortKnocker used correctly is a fantastic tool to access your secure PBX while on the road, or even a PBX in the Cloud.
 

Members online

Forum statistics

Threads
25,782
Messages
167,509
Members
19,203
Latest member
frapu
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top