SOLVED iptables problems?

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
Incredible PBX 11-12.1 for CentOS 6

Asterisk: UP Apache: UP MySQL: UP
SendMail: UP IPtables: DN SSH: UP
LAN port: UP Fail2Ban: UP Webmin: UP

RAM: CentOS release 6.6 Disk:45G

Asterisk 11.18.0 Incredible GUI 12.0.30

Private IP: 10.196.4.10 10.196.100.10

Public IP: 173.x.y.z

System Time: Mon Sep 7 15:20:22 EDT 2015

I've been trying to add stuff to iptables for some remote endpoints, and it looks like iptables is down now, as shown above.

Last run of add/del:



Code:
root@pbx:~ $ ./add-ip reading 73.130.241.255
add-ip (c) Copyright 2012-2014, Ward Mundy & Associates, LLC
This script modifies critical security files on your server.
This script opens complete SIP and IAX server access to your
server for this IP address: 73.130.241.255
SIP or IAX activity from this address may damage your server!
 
BY PROCEEDING, YOU AGREE TO ASSUME ALL RISKS FROM PROPER OR
IMPROPER FUNCTIONING OF THIS SOFTWARE, WHETHER INTENTIONAL OR NOT.
ABSOLUTELY NO WARRANTIES, EXPRESS OR IMPLIED, ARE PROVIDED
INCLUDING FITNESS FOR PARTICULAR USE AND MERCHANTABILITY.
YOU ALONE ARE RESPONSIBLE FOR DETERMINING WHETHER THIS
IPTABLES SECURITY SOFTWARE WILL MEET YOUR NEEDS AND EXPECTATIONS!
THE SOFTWARE IS PROVIDED AS IS. EXAMINE THE SCRIPT CAREFULLY BEFORE
PROCEEDING! PROCEED ONLY IF YOUR AGREE TO ALL OF THESE TERMS OF USE.
 
To proceed at your own risk, press Enter. Otherwise, Ctrl-C to abort.
IP: 73.x.y.z
The following services are available for activation with 73.130.241.255:
0 - ALL Services
1 - SIP (UDP)
2 - SIP (TCP)
3 - IAX
4 - Web
5 - WebMin
6 - FTP
7 - TFTP
8 - SSH
9 - FOP
Enter the services desired by number. Separate entries with commas.
For example: 1,4 would activate standard UDP SIP plus web access.
 
0
 
The following services have been enabled for 73.x.y.z:
ALL Services
If there's an error in enabled services, run del-acct and try again.
iptables: Setting chains to policy ACCEPT: filter mangle na[ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [FAILED]
No IPtables problems found.
Stopping fail2ban: [ OK ]
Starting fail2ban: mkdir: cannot create directory `/var/run/fail2ban': File exists
[ OK ]
 
To display current iptables rules in effect for this IP address, press Enter.
The following iptables rules now are in effect for 73.x.y.z:
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $


It seemed to have been working earlier and then stopped.

I do have iptables shown in Webmin, just to look, not to change.

This is a production box... any ideas?

Thanks leon
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
Found some things:


Code:
>N 96 ABRT Daemon Mon Sep 7 15:29 87/4932 "[abrt] a crash has be"
& 96
Message 96:
From [email protected] Mon Sep 7 15:29:18 2015
Return-Path: <[email protected]>
Date: Mon, 07 Sep 2015 15:28:58 -0400
From: ABRT Daemon <[email protected]>
To: [email protected]
Subject: [abrt] a crash has been detected again
User-Agent: Heirloom mailx 12.4 7/29/08
Content-Type: text/plain; charset=us-ascii
Status: R
 
abrt_version: 2.0.8
cmdline: ro root=UUID=3ef7fe24-a089-434e-ab23-27141a251ab1 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=129M@0M KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
hostname: pbx.chabadofreading.homedns.org
kernel: 2.6.32-504.23.4.el6.x86_64
last_occurrence: 1441653990
not-reportable: The backtrace does not contain enough meaningful function frames to be reported. It is annoying but it does not necessary signalize a problem with your computer. ABRT will not allow you to create a report in a bug tracking system but you can contact kernel maintainers via e-mail.
time: Sun 05 Jul 2015 08:24:35 PM EDT
 
sosreport.tar.xz: Binary file, 1203220 bytes
 
backtrace:
:WARNING: at drivers/gpu/drm/i915/intel_panel.c:779 i9xx_enable_backlight+0xfa/0x120 [i915]() (Not tainted)
:Hardware name: nT435/nT535
:backlight already enabled
:Modules linked in: i915(+) drm_kms_helper drm i2c_algo_bit i2c_core video output dm_mirror dm_region_hash dm_log dm_mod
:pid: 126, comm: modprobe Not tainted 2.6.32-504.23.4.el6.x86_64 #1
:Call Trace:
: [<ffffffff81074e47>] ? warn_slowpath_common+0x87/0xc0
: [<ffffffffa0151230>] ? gen4_write32+0x0/0x60 [i915]
: [<ffffffff81074f36>] ? warn_slowpath_fmt+0x46/0x50
: [<ffffffffa015110f>] ? gen4_read32+0x3f/0x50 [i915]
: [<ffffffffa01388fa>] ? i9xx_enable_backlight+0xfa/0x120 [i915]
: [<ffffffffa01398cd>] ? intel_panel_enable_backlight+0xbd/0x100 [i915]
: [<ffffffffa0122770>] ? intel_enable_lvds+0x160/0x170 [i915]
: [<ffffffffa01196e2>] ? i9xx_crtc_enable+0x2f2/0x420 [i915]
: [<ffffffffa01179bb>] ? __intel_set_mode+0x90b/0x15b0 [i915]
: [<ffffffffa0118676>] ? intel_set_mode+0x16/0x30 [i915]
: [<ffffffffa0118f56>] ? intel_crtc_set_config+0x796/0xa90 [i915]
: [<ffffffffa006d40c>] ? drm_mode_set_config_internal+0x5c/0xe0 [drm]
: [<ffffffffa00c06be>] ? drm_fb_helper_set_par+0x6e/0xe0 [drm_kms_helper]
: [<ffffffff812dc9d0>] ? fbcon_init+0x4f0/0x570
: [<ffffffff81344c53>] ? visual_init+0xf3/0x180
: [<ffffffff81345a08>] ? bind_con_driver+0x158/0x3d0
: [<ffffffff81345ce1>] ? take_over_console+0x61/0x70
: [<ffffffff812dc0cb>] ? fbcon_takeover+0x5b/0xb0
: [<ffffffff812e0175>] ? fbcon_event_notify+0x5e5/0x6e0
: [<ffffffff815300d5>] ? notifier_call_chain+0x55/0x80
: [<ffffffff810a529a>] ? __blocking_notifier_call_chain+0x5a/0x80
: [<ffffffff810a52d6>] ? blocking_notifier_call_chain+0x16/0x20
: [<ffffffff812cf02b>] ? fb_notifier_call_chain+0x1b/0x20
: [<ffffffff812d1f4f>] ? register_framebuffer+0x22f/0x300
: [<ffffffffa00c03c7>] ? drm_fb_helper_initial_config+0x3f7/0x530 [drm_kms_helper]
: [<ffffffff811748d3>] ? kmem_cache_alloc_trace+0x1b3/0x1c0
: [<ffffffffa0158c91>] ? intel_fbdev_initial_config+0x21/0x30 [i915]
: [<ffffffffa00df9a5>] ? i915_driver_load+0xe45/0xe80 [i915]
: [<ffffffff81440ea0>] ? pcibios_align_resource+0x0/0x50
: [<ffffffffa0064ca6>] ? drm_dev_register+0x86/0x180 [drm]
: [<ffffffffa0066e3b>] ? drm_get_pci_dev+0xab/0x210 [drm]
: [<ffffffffa00dd5c3>] ? i915_pci_probe+0x43/0x60 [i915]
: [<ffffffff812af417>] ? local_pci_probe+0x17/0x20
: [<ffffffff812b0601>] ? pci_device_probe+0x101/0x120
: [<ffffffff8136c992>] ? driver_sysfs_add+0x62/0x90
: [<ffffffff8136cc2c>] ? driver_probe_device+0x9c/0x3e0
: [<ffffffff8136d01b>] ? __driver_attach+0xab/0xb0
: [<ffffffff8136cf70>] ? __driver_attach+0x0/0xb0
: [<ffffffff8136be14>] ? bus_for_each_dev+0x64/0x90
: [<ffffffff8136c8ce>] ? driver_attach+0x1e/0x20
: [<ffffffff8136b648>] ? bus_add_driver+0x1e8/0x2b0
: [<ffffffff8136d276>] ? driver_register+0x76/0x140
: [<ffffffff810f466c>] ? tracepoint_update_probe_range+0xfc/0x130
: [<ffffffff812b0866>] ? __pci_register_driver+0x56/0xd0
: [<ffffffffa01a7000>] ? i915_init+0x0/0x68 [i915]
: [<ffffffffa00670ba>] ? drm_pci_init+0x11a/0x130 [drm]
: [<ffffffffa01a7000>] ? i915_init+0x0/0x68 [i915]
: [<ffffffffa01a7066>] ? i915_init+0x66/0x68 [i915]
: [<ffffffff8100204c>] ? do_one_initcall+0x3c/0x1d0
: [<ffffffff810c0181>] ? sys_init_module+0xe1/0x250
: [<ffffffff8100b0f2>] ? system_call_fastpath+0x16/0x1b
 
&
per the recent nerdvittles article:
 
 
root@pbx:~ $ iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ASTERISK all -- 0.0.0.0/0 0.0.0.0/0
fail2ban-BadBots tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
fail2ban-asterisk-udp udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 5060,5061
fail2ban-SSH tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
 
Chain FORWARD (policy ACCEPT)
target prot opt source destination
 
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
 
Chain fail2ban-ASTERISK (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
 
Chain fail2ban-BadBots (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
 
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
 
Chain fail2ban-asterisk-udp (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $
root@pbx:~ $ iptables-restart
iptables: Setting chains to policy ACCEPT: filter mangle na[ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [FAILED]
No IPtables problems found.
Stopping fail2ban: [ OK ]
Starting fail2ban: mkdir: cannot create directory `/var/run/fail2ban': File exists
[ OK ]
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $
root@pbx:~ $ cat /etc/rc.d/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
 
touch /var/lock/subsys/local
/usr/local/sbin/iptables-restart
/usr/sbin/faxgetty -D ttyIAX0
/usr/sbin/faxgetty -D ttyIAX1
/usr/sbin/faxgetty -D ttyIAX2
/usr/sbin/faxgetty -D ttyIAX3
exit 0
 
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $
 
root@pbx:~ $ grep fail2ban /usr/local/sbin/iptables-restart
service fail2ban restart
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $
root@pbx:~ $ iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ASTERISK all -- 0.0.0.0/0 0.0.0.0/0
fail2ban-BadBots tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
fail2ban-asterisk-udp udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 5060,5061
fail2ban-SSH tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
 
Chain FORWARD (policy ACCEPT)
target prot opt source destination
 
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
 
Chain fail2ban-ASTERISK (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
 
Chain fail2ban-BadBots (1 references)


I'm stumped... leon
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
Anyone have any advice, please?

Thanks leon
 

matthew

Guru
Joined
May 22, 2013
Messages
83
Reaction score
26
It looks to be failing to load the rules. Have you got anything in /etc/sysconfig/iptables ? Does the file exist?
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
Haven't had a chance to look at things; will do this weekend and report back. But if the rules disappeared, I have no idea how, though.

leon
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
OK, it does exist...

Here's what's in it:



Code:
root@pbx:/etc/sysconfig $ cat iptables
# Generated by iptables-save v1.4.7 on Fri Mar 2 10:36:08 2012
*nat
:PREROUTING ACCEPT [7:608]
:POSTROUTING ACCEPT [36:2319]
:OUTPUT ACCEPT [36:2319]
COMMIT
# Completed on Fri Mar 2 10:36:08 2012
# Generated by iptables-save v1.4.7 on Fri Mar 2 10:36:08 2012
*mangle
:PREROUTING ACCEPT [1103:1400664]
:INPUT ACCEPT [1102:1400632]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [656:59330]
:POSTROUTING ACCEPT [656:59330]
COMMIT
# Completed on Fri Mar 2 10:36:08 2012
# Generated by iptables-save v1.3.5 on Tue Apr 1 11:35:49 2014
*filter
:fail2ban-SSH - [0:0]
:INPUT DROP [0:0]
:fail2ban-VSFTPD - [0:0]
:fail2ban-BadBots - [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-ASTERISK - [0:0]
:FORWARD ACCEPT [0:0]
:fail2ban-APACHE - [0:0]
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-VSFTPD
-A INPUT -p tcp -m multiport -j fail2ban-BadBots --dports 80,443
-A INPUT -p tcp -j fail2ban-APACHE
-A INPUT -j fail2ban-ASTERISK
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -p udp -m udp --dport 9999:65535 --sport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32976 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9022 -j ACCEPT
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
# -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# -A INPUT -p tcp -m tcp --dport 83 -j ACCEPT
# -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# -A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT
# -A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
# -A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
# Opening up unlimited SIP access can be very dangerous
# Commented next entry locks SIP down to Trusted Providers
# -A INPUT -p udp -m udp --dport 5050:5082 -j ACCEPT
# Here's the Incredible PBX list of SIP Trusted Providers
-A INPUT -p udp -m multiport -s 64.2.142.215/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.216/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.9/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.17/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.18/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.29/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.87/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.106/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.107/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.109/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.111/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.187/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.188/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.189/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.190/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.214/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.2.142.26/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 199.101.184.146/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 174.34.146.162/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 173.208.83.50/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 74.54.54.178/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 209.62.1.2/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 67.215.241.250/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 74.63.41.218/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 69.147.236.82/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 68.233.226.97/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 67.205.74.184/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 67.205.74.187/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 174.137.63.206/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 174.137.63.202/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 5.77.36.136/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 204.11.192.32/30 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 204.155.28.10/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.136.174.24/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.136.174.24/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 64.34.181.47/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 69.90.174.98/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 85.17.186.7/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069
-A INPUT -p udp -m multiport -s 81.23.228.129/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069
-A INPUT -p udp -m multiport -s 67.228.182.2/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069
-A INPUT -p udp -m multiport -s 64.251.23.244/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 85.17.148.32/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 63.211.239.14/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 63.247.78.218/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 8.3.252.23/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 8.14.120.23/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 8.17.37.23/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 66.54.140.46/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
-A INPUT -p udp -m multiport -s 66.54.140.47/32 -j ACCEPT --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569
 

jeff.h

Guru
Joined
Dec 1, 2010
Messages
502
Reaction score
71
I've been noticing the same thing on my CentOS 6.5 builds. Not happening on my Ubuntu 14.04 builds. Running iptables-restart works, but then a day or so later the service stops again.

It only happens after I use ./add-fqdn; ./add-ip doesn't seem to do it.
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
This started happening all of a sudden when I was trying to add endpoints to the tables. I tried the restart and it didn't work (i.e. it still wasn't running).

Just ran it again... also, I was adding IPs, not FQDNs... fail2ban seems to take a while to stop, too.

Latest run:

WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ iptables-restart
iptables: Setting chains to policy ACCEPT: filter mangle na[ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [FAILED]
No IPtables problems found.
Stopping fail2ban: [ OK ]
Starting fail2ban: mkdir: cannot create directory `/var/run/fail2ban': File exists
[ OK ]
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,201
Reaction score
5,220
Please post the results from running the following command:
Code:
grep "sed -i" /root/add-ip

And PLEASE put listing inside CODE tags. :)
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
root@pbx:~ $ grep "sed -i" /root/add-ip
sed -i '/# End of Trusted Provider Section/r '$tmpfile'' /etc/sysconfig/iptables
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,201
Reaction score
5,220
The script is damaged. Download the scripts below and try again after deleting each of your existing whitelist.iptables entries with del-acct:

Code:
cd /root
wget http://incrediblepbx.com/tm3scripts-centos.tar.gz
tar zxvf tm3scripts-centos.tar.gz
rm tm3scripts-centos.tar.gz
 
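The grep Leon posted shows add-ip writing its generated rules straight into the live file with sed's `r` command after the Trusted Provider marker; a rule whose address came out empty is what leaves the "-s  -j" lines that Ward's rebuild script further down deletes. Below is an added example, not the add-ip script and not Incredible PBX code, of the same insertion done defensively: validate the address and port list first, insert into a scratch copy, verify the rule landed right after the marker, and only then replace the rules file (keeping a .bak). The marker text is the one from the grep; the sample rules file, the function names and the 198.51.100.7 address are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the Incredible PBX add-ip script: insert one whitelist
# rule after the "# End of Trusted Provider Section" marker, the way add-ip's
# sed -i '/marker/r file' does, but only after validating the inputs and only
# by installing a verified scratch copy, so an empty or malformed address
# never reaches the live rules file.
# Assumed: the marker line exists in the rules file; addresses are IPv4.

MARKER='# End of Trusted Provider Section'

# 0 if $1 looks like a dotted-quad IPv4 address with an optional /prefix.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# 0 if $1 is a comma-separated list of numeric ports (multiport syntax).
is_port_list() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(,[0-9]+)*$'
}

# The line immediately following MARKER in file $1 (empty if none).
line_after_marker() {
    awk -v m="$MARKER" 'found { print; exit } $0 == m { found = 1 }' "$1"
}

# add_whitelist_rule FILE ADDRESS PORTS
# Appends "-A INPUT -p udp -m multiport -s ADDRESS -j ACCEPT --dports PORTS"
# after MARKER. Returns 1 and leaves FILE untouched on any problem.
add_whitelist_rule() {
    file=$1; ip=$2; ports=$3
    if ! is_ipv4 "$ip"; then
        echo "refusing to write rule: '$ip' is not an IPv4 address" >&2
        return 1
    fi
    if ! is_port_list "$ports"; then
        echo "refusing to write rule: '$ports' is not a port list" >&2
        return 1
    fi
    if ! grep -qF -- "$MARKER" "$file"; then
        echo "refusing to write rule: marker line not found in $file" >&2
        return 1
    fi
    rule="-A INPUT -p udp -m multiport -s $ip -j ACCEPT --dports $ports"
    if grep -qF -- "$rule" "$file"; then
        echo "rule already present in $file, nothing to do" >&2
        return 0
    fi
    rulefile=$(mktemp); work=$(mktemp)
    printf '%s\n' "$rule" > "$rulefile"
    # sed's r command queues the file's contents after each matching line;
    # we write the result to a scratch copy instead of editing in place
    sed "/$MARKER/r $rulefile" "$file" > "$work"
    if [ "$(line_after_marker "$work")" != "$rule" ]; then
        echo "refusing to install: rule did not land after the marker" >&2
        rm -f "$rulefile" "$work"
        return 1
    fi
    cp "$file" "$file.bak"   # previous version stays next to the live file
    cp "$work" "$file"       # cp keeps the live file's owner and mode
    rm -f "$rulefile" "$work"
    return 0
}

# Constructed sample rules file for the demonstration.
RULES=$(mktemp)
cat > "$RULES" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
# Here's the Incredible PBX list of SIP Trusted Providers
-A INPUT -p udp -m multiport -s 64.2.142.215/32 -j ACCEPT --dports 5060,5061,4569
# End of Trusted Provider Section
COMMIT
EOF

add_whitelist_rule "$RULES" 198.51.100.7 5060,5061,4569 && echo "rule added"
add_whitelist_rule "$RULES" "" 5060 || echo "empty address rejected; $RULES untouched"
```

On a real box the first argument would be /etc/sysconfig/iptables and the call would be followed by iptables-restart; the point of the scratch copy is that the live file is never half-written, and the .bak gives you something to put back if the restart still fails.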

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
FAILS:


Code:
root@pbx:~ $ cd /root
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ wget http://incrediblepbx.com/tm3scripts-centos.tar.gz
--2015-09-13 14:45:42-- http://incrediblepbx.com/tm3scripts-centos.tar.gz
Resolving incrediblepbx.com...
74.86.213.25
Connecting to incrediblepbx.com|74.86.213.25|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2828 (2.8K) [application/x-gzip]
Saving to: “tm3scripts-centos.tar.gz”
 
100%[======================================>] 2,828 --.-K/s in 0s
 
2015-09-13 14:45:47 (81.8 MB/s) - “tm3scripts-centos.tar.gz” saved [2828/2828]
 
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ tar zxvf tm3scripts-centos.tar.gz
add-ip
add-fqdn
del-acct
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ iptables-restart
iptables: Setting chains to policy ACCEPT: filter mangle na[ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [FAILED]
No IPtables problems found.
Stopping fail2ban: [ OK ]
Starting fail2ban: mkdir: cannot create directory `/var/run/fail2ban': File exists
[ OK ]
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ status
 
Incredible PBX 11-12.1 for CentOS 6
 
Asterisk: UP Apache: UP MySQL: UP
SendMail: UP IPtables: DN SSH: UP
LAN port: UP Fail2Ban: UP Webmin: UP
 
RAM: CentOS release 6.6 Disk:45G
 
Asterisk 11.18.0 Incredible GUI 12.0.30
 
Private IP: 10.196.4.10 10.196.100.10
 
Public IP: 173.x.y.z
 
System Time: Sun Sep 13 14:47:22 EDT 2015
 
 
 
< OK >
 

lrosenman

Guru
Joined
Oct 17, 2014
Messages
221
Reaction score
30
So, what are the permissions on /var/run/fail2ban?
ls -la /var/run/fail2ban
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
root@pbx:~ $ ls -la /var/run/fail2ban
total 12
drwxr-xr-x. 2 root root 4096 Sep 13 14:47 .
drwxr-xr-x. 33 root root 4096 Sep 13 10:41 ..
-rw------- 1 root root 6 Sep 13 14:47 fail2ban.pid
srwx------ 1 root root 0 Sep 13 14:47 fail2ban.sock
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,201
Reaction score
5,220
One more time, put your stuff in CODE tags (as shown below) so it's easier to read.

For whatever reason, your IPtables config file is hosed. Create a script that looks like this, make it executable, and run it. Then reenter your custom whitelist entries with /root/add-ip and /root/add-fqdn.

Code:
#!/bin/bash
cd /root
rm *.iptables
# server IP address is?
serverip=`ifconfig | grep "inet" | head -1 | cut -f 2 -d ":" | tail -1 | cut -f 1 -d " "`
# user IP address while logged into SSH is?
userip=`echo $SSH_CONNECTION | cut -f 1 -d " "`
# public IP address in case we're on private LAN
publicip=`curl -s -S --user-agent "Mozilla/4.0" http://myip.pbxinaflash.com | awk 'NR==2'`
# WhiteList all of them by replacing 8.8.4.4 and 8.8.8.8 and 74.86.213.25 entries
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.orig
cd /etc/sysconfig
# yep we use the same iptables rules on the Ubuntu platform
wget http://pbxinaflash.com/iptables4-ubuntu14.tar.gz
tar zxvf iptables4-ubuntu14.tar.gz
rm -f iptables4-ubuntu14.tar.gz
cp rules.v4.ubuntu14 iptables
sed -i 's|8.8.4.4|'$serverip'|' /etc/sysconfig/iptables
sed -i 's|8.8.8.8|'$userip'|' /etc/sysconfig/iptables
sed -i 's|74.86.213.25|'$publicip'|' /etc/sysconfig/iptables
badline=`grep -n "\-s  \-j" /etc/sysconfig/iptables | cut -f1 -d: | tail -1`
while [[ "$badline" != "" ]]; do
sed -i "${badline}d" /etc/sysconfig/iptables
badline=`grep -n "\-s  \-j" /etc/sysconfig/iptables | cut -f1 -d: | tail -1`
done
iptables-restart
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
OK, on the CODE tags: I never knew where that was; just found it, sorry.

OK, that worked, but fail2ban is very slow. It is working, though.

Code:
root@pbx:~ $ cd /root
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ rm *.iptables
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ # server IP address is?
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ serverip=`ifconfig | grep "inet" | head -1 | cut -f 2 -d ":" | tail -1 | cut -f 1 -d " "`
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ # user IP address while logged into SSH is?
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ userip=`echo $SSH_CONNECTION | cut -f 1 -d " "`
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ # public IP address in case we're on private LAN
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ publicip=`curl -s -S --user-agent "Mozilla/4.0" http://myip.pbxinaflash.com | awk 'NR==2'`
 
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ # WhiteList all of them by replacing 8.8.4.4 and 8.8.8.8 and 74.86.213.25 entries
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ cp /etc/sysconfig/iptables /etc/sysconfig/iptables.orig
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ cd /etc/sysconfig
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:/etc/sysconfig $ # yep we use the same iptables rules on the Ubuntu platform
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:/etc/sysconfig $ wget http://pbxinaflash.com/iptables4-ubuntu14.tar.gz
--2015-09-13 15:15:27--  http://pbxinaflash.com/iptables4-ubuntu14.tar.gz
Resolving pbxinaflash.com... 74.86.213.25
Connecting to pbxinaflash.com|74.86.213.25|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1853 (1.8K) [application/x-gzip]
Saving to: “iptables4-ubuntu14.tar.gz”
 
100%[======================================>] 1,853      --.-K/s  in 0s
 
2015-09-13 15:15:32 (80.0 MB/s) - “iptables4-ubuntu14.tar.gz” saved [1853/1853]
 
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:/etc/sysconfig $ tar zxvf iptables4-ubuntu14.tar.gz
rules.v4.ubuntu14
rules.v6.ubuntu14
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:/etc/sysconfig $ rm -f iptables4-ubuntu14.tar.gz
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:/etc/sysconfig $ cp rules.v4.ubuntu14 iptables
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:/etc/sysconfig $ sed -i 's|8.8.4.4|'$serverip'|' /etc/sysconfig/iptables
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:/etc/sysconfig $ sed -i 's|8.8.8.8|'$userip'|' /etc/sysconfig/iptables
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:/etc/sysconfig $ sed -i 's|74.86.213.25|'$publicip'|' /etc/sysconfig/iptables
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:/etc/sysconfig $ badline=`grep -n "\-s  \-j" /etc/sysconfig/iptables | cut -f1 -d: | tail -1`
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:/etc/sysconfig $ while [[ "$badline" != "" ]]; do
> sed -i "${badline}d" /etc/sysconfig/iptables
> badline=`grep -n "\-s  \-j" /etc/sysconfig/iptables | cut -f1 -d: | tail -1`
> done
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:/etc/sysconfig $ iptables-restart
iptables: Setting chains to policy ACCEPT: filter mangle na[  OK  ]
iptables: Flushing firewall rules:                        [  OK  ]
iptables: Unloading modules:                              [  OK  ]
iptables: Applying firewall rules:                        [  OK  ]
No IPtables problems found.
Stopping fail2ban:                                        [  OK  ]
Starting fail2ban: mkdir: cannot create directory `/var/run/fail2ban': File exists
                                                          [  OK  ]
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:/etc/sysconfig $
 

lrosenman

Guru
Joined
Oct 17, 2014
Messages
221
Reaction score
30
Going on the message about the existence of /var/run/fail2ban, and the contents you showed above, fail2ban left some files behind.
Code:
rm /var/run/fail2ban/*
service fail2ban start
 

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
There should be a command to display the custom rules that have been added, so you know what's there.
 
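Ward's rebuild script above removes the broken whitelist lines with a grep loop on "-s  -j", and Leon asks for a way to see which custom rules are in the file. The script below is an added example that is not part of Incredible PBX or its add-ip/add-fqdn/del-acct scripts; it does both offline, on the rules file itself, without touching the running firewall: it flags rules whose source address is empty (the defect that makes "Applying firewall rules" fail), tables opened without a COMMIT, and duplicate rules, and it lists every source-specific ACCEPT rule with the ports it opens. The sample rules file embedded in it is constructed for the demonstration and deliberately contains one of each problem; the function names are my own.

```shell
#!/bin/sh
# Offline lint for an iptables-save style file such as /etc/sysconfig/iptables,
# meant to run BEFORE iptables-restart hands the file to iptables-restore.
# Added example, not Incredible PBX code. Checks for:
#   1. rules whose -s has no address ("-s  -j"), which a whitelist script
#      writes when its address variable is empty and which make
#      "Applying firewall rules" fail;
#   2. a table (*filter, *nat, ...) opened but never closed with COMMIT;
#   3. exact duplicate rules;
# and lists every per-source ACCEPT rule so the whitelist is visible.

# Constructed sample modelled on the file posted in this thread.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
# Here's the Incredible PBX list of SIP Trusted Providers
-A INPUT -p udp -m multiport -s 64.2.142.215/32 -j ACCEPT --dports 5060,5061,4569
-A INPUT -p udp -m multiport -s 64.136.174.24/32 -j ACCEPT --dports 5060,5061,4569
-A INPUT -p udp -m multiport -s 64.136.174.24/32 -j ACCEPT --dports 5060,5061,4569
# End of Trusted Provider Section
-A INPUT -s  -j ACCEPT
-A INPUT -p tcp -m tcp -s 198.51.100.7 --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
EOF

# Print each -A rule where the token after -s is another option (empty source).
empty_source_rules() {
    awk '/^-A / {
            for (i = 1; i < NF; i++) if ($i == "-s" && $(i+1) ~ /^-/) { print; break }
         }' "$1"
}

# Number of such rules; 0 for a clean file.
count_empty_source_rules() {
    empty_source_rules "$1" | awk 'END { print NR }'
}

# Names of tables opened with "*name" and not closed by COMMIT.
uncommitted_tables() {
    awk 'substr($0, 1, 1) == "*" { if (open != "") print open; open = substr($0, 2) }
         /^COMMIT/ { open = "" }
         END { if (open != "") print open }' "$1"
}

# Exact duplicate -A lines, each printed once.
duplicate_rules() {
    grep -E '^-A ' "$1" | sort | uniq -d
}

# One line per source-specific ACCEPT rule: address and the port(s) it opens.
list_whitelist() {
    awk '/^-A / && /-j ACCEPT/ {
            src = ""; ports = "any"
            for (i = 1; i < NF; i++) {
                if ($i == "-s" && $(i+1) !~ /^-/) src = $(i+1)
                if ($i == "--dport" || $i == "--dports") ports = $(i+1)
            }
            if (src != "") printf "%-20s %s\n", src, ports
         }' "$1"
}

# Run all checks; exit status 0 only when the file should load cleanly.
lint_iptables_file() {
    f=$1; status=0
    bad=$(empty_source_rules "$f")
    if [ -n "$bad" ]; then
        echo "ERROR: rule(s) with an empty source; iptables-restore rejects these:"
        echo "$bad"; status=1
    fi
    open=$(uncommitted_tables "$f")
    if [ -n "$open" ]; then
        echo "ERROR: table(s) opened but never COMMITted: $open"; status=1
    fi
    dup=$(duplicate_rules "$f")
    if [ -n "$dup" ]; then
        echo "WARNING: duplicate rule(s), usually from a re-run whitelist script:"
        echo "$dup"
    fi
    return $status
}

# Real-box usage: lint_iptables_file /etc/sysconfig/iptables && list_whitelist /etc/sysconfig/iptables
lint_iptables_file "$SAMPLE" || echo "sample file has problems (expected for the constructed sample)"
echo "--- per-source ACCEPT rules in the sample ---"
list_whitelist "$SAMPLE"
```

Run the lint before iptables-restart rather than after: the output in this thread shows the restart script setting the policies to ACCEPT and flushing the old rules before it tries to apply the new ones, so when "Applying firewall rules" fails the box is left with no rules at all, which is exactly the "IPtables: DN" state in the status screen.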

wa4zlw

Member
Joined
Feb 14, 2008
Messages
845
Reaction score
22
Code:
root@pbx:~ $ rm /var/run/fail2ban/*
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $ service fail2ban start
Starting fail2ban: mkdir: cannot create directory `/var/run/fail2ban': File exists
                                                          [  OK  ]
WARNING: Always run Incredible PBX VM behind a secure hardware-based firewall.
root@pbx:~ $
 

lrosenman

Guru
Joined
Oct 17, 2014
Messages
221
Reaction score
30
So it starts (so it says), but whines about the directory.

Does fail2ban or iptables show as down in the status display?
 
