FYI IncrediblePBX 13-12.3 iptables addresses instead of DNS?

[jeffmac]

I just completed a new install of IncrediblePBX 13-12.3 on Centos 6.7 and was very surprised to find the iptables source no longer has DNS names, but has been reverted to IP addresses only. When Ward originally built the whitelist for iptables he was very clear to never ever do a "save" because the DNS names would be lost.

Has something changed and I just haven't kept up with the times?

Jeff

 

[SMTC]

Just also did the same installation but what I find is there is an error trying to do the add-ip function. It is trying to do a "service iptables-persistent" which is non-existent on the Centos 6.7 platform. The IP never gets added to iptables. add-fqdn actually seemed to work in that the DNS looked up IP are in the IPTABLES -nL listing.

I think we have some incorrect script code for this platform in here??

 

[wardmundy]

Try running this command and then try add-ip again. Let me know if it fixes things:

ln -s /etc/rc.d/init.d/iptables /etc/rc.d/init.d/iptables-persistent

 

[jeffmac]

But what about the original question here, Ward? Why does /etc/sysconfig/iptables have only IP addresses instead of the DNS names the way it was built before? Has there been a change in design?

Jeff

 

[wardmundy]

IP addresses are less prone to out-of-the-box failures if there is a DNS problem somewhere or if a provider happens to drop off the radar. Leaving the IP address in place after a business failure was of minimal concern compared to blowing everyone's firewall out of the water. Keep in mind that IPtables fails to start if there is an unresolvable FQDN in your setup.