FYI Building Incred PBX 16.15.2 on CentOS7 - a few questions

redstonemason

Certified AWS Architect (And a KVM fan!!!)
I have just built a 16-15.2 Incredible PBX on VULTR.

My assumption is that http://nerdvittles.com/?p=30642 published on Sept 16 2019 will bring me up to something fairly long term.

Things are going well so far...

I removed sendmail and installed postfix so that my AWS SES mail sending account would work well with respect to DKIM and SPF. I could post some sample config files on that subject if anyone is interested.

I am using the VULTR firewall and want to trim down the default iptables on the instance. That's where Webmin shows a very short list but, on the other hand, 'iptables -L' shows a huge list. I can't figure out why there is a difference. Help would be appreciated here.

The /root/pbxstatus script is different by one line versus the /usr/local/sbin/pbxstatus script. Not sure it matters much but on VULTR Centos7 I get differing results on DISK free.

I see that MongoDB is part of the equation. Maybe it has been around for a while but I was surprised to see it. Also I see that redis is now present. No big deal I guess.

I wish apache could be easily replaced with nginx. But again, not something all that important.

I am wondering about an upgrade to Centos 8 now or later. After all, I am switching from V8 piston to fully electric sort of.

Mark
 

wardmundy

Nerd Uno
We've made it a practice not to comment on home-grown firewall implementations. The reasons should be obvious but, in case they're not, we don't want the responsibility of supporting dozens of different firewall designs because, when something comes unglued or someone's server gets compromised, guess where the boney finger will be pointed. Having said all of that, I'm curious. What's wrong with the two current designs: one for pure whitelist with TM3 and another for public server implementations??

One other cautionary note. WebMin is for looking at stuff and should never be used to make changes in your Incredible PBX setup. It will permanently break things without any notice.
 

jerrm

Guru
That's where Webmin shows a very short list but, on the other hand, 'iptables -L' shows a huge list. I can't figure out why there is a difference. Help would be appreciated here.
Webmin only shows the static rules in /etc/sysconfig/iptables. Those are pretty basic, locked down system rules.

The full ruleset is put in place in the iptables-restart script.
 

redstonemason

Certified AWS Architect (And a KVM fan!!!)
We've made it a practice not to comment on home-grown firewall implementations. The reasons should be obvious but, in case they're not, we don't want the responsibility of supporting dozens of different firewall designs because, when something comes unglued or someone's server gets compromised, guess where the boney finger will be pointed. Having said all of that, I'm curious. What's wrong with the two current designs: one for pure whitelist with TM3 and another for public server implementations??

One other cautionary note. WebMin is for looking at stuff and should never be used to make changes in your Incredible PBX setup. It will permanently break things without any notice.

I agree with you whatsoever on the practice of not commenting on home-grown firewalls.

A pure white list is good for me.

I just can't determine why Webmin shows different results vs 'iptables -L'
 

wardmundy

Nerd Uno
WebMin does everything under the covers so you can't tell where it gets its data. iptables -nL gives the correct list of firewall rules.

See /usr/local/sbin/iptables-custom for the other rules. The reason for this secondary load is because we support FQDNs while iptables technically doesn't. If the initial install chokes on a failed FQDN, you are left with no firewall protection.
 

wardmundy

Nerd Uno
Thanks, @jerrm. That obviously would be inaccurate in many environments in which extra rules have been added manually or using a supplementary script. Yet another reason NOT to rely upon WebMin.
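
Added example, not part of the thread or of Incredible PBX: a small check that lists which rules are in the running ruleset but absent from the static file Webmin reads, which is the gap discussed above. Both inputs below are constructed samples in iptables-save format; the function names are hypothetical, and on a real host you would pass the contents of /etc/sysconfig/iptables and the output of `iptables-save` instead.

```python
import re

# Constructed sample: a short static rules file of the kind Webmin displays.
STATIC_SAMPLE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

# Constructed sample: `iptables-save -c` style dump of the running ruleset.
LIVE_SAMPLE = """\
*filter
:INPUT DROP [120:9000]
:OUTPUT ACCEPT [300:41000]
[10:800] -A INPUT -i lo -j ACCEPT
[55:4400] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -s 203.0.113.10/32 -p udp -m udp --dport 5060 -j ACCEPT
[0:0] -A INPUT -s 198.51.100.7/32 -j ACCEPT
COMMIT
"""

def parse_rules(text):
    """Return {table: [rule, ...]} from iptables-save formatted text."""
    rules, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. *filter
            table = line[1:]
        elif line == "COMMIT":            # end of the current table
            table = None
        else:
            line = re.sub(r"^\[\d+:\d+\]\s*", "", line)  # drop packet/byte counters
            if table and line.startswith("-A "):         # skip chain policies, comments
                rules.setdefault(table, []).append(line)
    return rules

def live_only(static_text, live_text):
    """Rules present in the running ruleset but missing from the static file."""
    static, live = parse_rules(static_text), parse_rules(live_text)
    diff = {t: [r for r in rs if r not in static.get(t, [])] for t, rs in live.items()}
    return {t: rs for t, rs in diff.items() if rs}

if __name__ == "__main__":
    for table, extra in live_only(STATIC_SAMPLE, LIVE_SAMPLE).items():
        for rule in extra:
            print(f"{table}: {rule}")
```

The comparison is textual, so a hand-written static rule can show up as "live only" when iptables-save prints the same rule in its normalized form (for example with an explicit /32 or `-m udp`).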
 
