FYI Problem with ./add-ip

unsichtbarre

Member
Joined
May 17, 2009
Messages
140
Reaction score
5
Hi Everyone!

I have run ./add-ip to whitelist a few IPs necessary for my system and a couple of things happen, but the IP is not whitelisted.
Code:
root@pbx1:~#./add-ip 1234 8.8.8.8
The following services are available for activation with 8.8.8.8:
0 - ALL Services
1 - SIP (UDP)
2 - SIP (TCP)
3 - IAX
4 - Web
5 - WebMin
6 - FTP
7 - t*f*t*p
8 - SSH
9 - FOP
Enter the services desired by number. Separate entries with commas.
For example: 1,4 would activate standard UDP SIP plus web access.

0

The following whitelisted services were requested for 8.8.8.8:
ALL Services
ln: failed to create symbolic link '/usr/sbin/iptables': File exists
IP address successfully added to WhiteList.

To display current iptables rules in effect for this IP address,  press Enter.
The following iptables rules now are in effect for 8.8.8.8:
ACCEPT     all  --  8.8.8.8              0.0.0.0/0
root@pbx1:~#
Moreover, a file is created "1234.iptables" but it is completely blank!

Ubuntu 18.04 - upcloud - build based off of: http://nerdvittles.com/?p=25930

Any help appreciated!
THX
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
The blank 1234.iptables is correct. The following entry tells me it is, in fact, whitelisted since that data is pulled from iptables -nL:
Code:
ACCEPT     all  --  8.8.8.8              0.0.0.0/0
 

unsichtbarre

Whitelist does not seem to be working. I built at home and whitelisted my office during the build, and can't get in from my office. I went home again, presuming it was my mistake and did it again, then for another IP at my office, and neither can get in.

My office is: 89.116.249.253 and, at minimum, cannot access 80 & 443

Oddly, my home (89.116.249.199) can access everything

Code:
root@pbx1:~# iptables -nL
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x10/0x10
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED
ACCEPT     all  --  127.0.0.0/8          0.0.0.0/0
ACCEPT     all  --  10.0.0.0/8           0.0.0.0/0
ACCEPT     all  --  192.168.0.0/16       0.0.0.0/0
ACCEPT     all  --  172.16.0.0/12        0.0.0.0/0
ACCEPT     all  --  65.117.249.199       0.0.0.0/0
ACCEPT     all  --  152.44.37.182        0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:53 dpts:9999:65535
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 12
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:113
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1723
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:32976
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4445
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:123
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5353
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2000
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000
<<lines removed>>
ACCEPT     all  --  35.156.192.164       0.0.0.0/0
ACCEPT     all  --  50.17.48.216         0.0.0.0/0
ACCEPT     all  --  52.60.138.31         0.0.0.0/0
ACCEPT     all  --  52.8.201.128         0.0.0.0/0
ACCEPT     all  --  52.41.52.34          0.0.0.0/0
ACCEPT     udp  --  207.239.159.171      0.0.0.0/0            udp dpts:5060:5069
ACCEPT     udp  --  38.130.255.68        0.0.0.0/0            udp dpts:5060:5069
ACCEPT     udp  --  207.239.159.171      0.0.0.0/0            udp dpts:5060:5069
ACCEPT     udp  --  173.246.36.196       0.0.0.0/0            udp dpts:5060:5069
ACCEPT     udp  --  207.239.159.171      0.0.0.0/0            udp dpts:5060:5069
ACCEPT     all  --  152.44.37.118        0.0.0.0/0
ACCEPT     udp  --  89.117.249.253       0.0.0.0/0            udp dpts:5060:5069
ACCEPT     tcp  --  89.117.249.253       0.0.0.0/0            tcp dpts:5060:5069
ACCEPT     tcp  --  89.117.249.253       0.0.0.0/0            multiport dports 80,9080
ACCEPT     tcp  --  89.117.249.253       0.0.0.0/0            tcp dpt:9001
ACCEPT     tcp  --  89.117.249.253       0.0.0.0/0            tcp dpt:21
ACCEPT     udp  --  89.117.249.253       0.0.0.0/0            udp dpt:69
ACCEPT     tcp  --  89.117.249.253       0.0.0.0/0            multiport dports 22,9022
ACCEPT     all  --  8.8.8.8              0.0.0.0/0
ACCEPT     all  --  89.117.249.253       0.0.0.0/0
ACCEPT     all  --  89.116.249.253       0.0.0.0/0
ACCEPT     all  --  64.2.142.187         0.0.0.0/0
ACCEPT     all  --  64.2.142.215         0.0.0.0/0
ACCEPT     all  --  64.2.142.190         0.0.0.0/0
ACCEPT     all  --  64.2.142.17          0.0.0.0/0
ACCEPT     all  --  64.2.142.216         0.0.0.0/0
ACCEPT     all  --  64.2.142.111         0.0.0.0/0
ACCEPT     all  --  64.2.142.87          0.0.0.0/0
ACCEPT     all  --  64.2.142.109         0.0.0.0/0
ACCEPT     all  --  64.2.142.188         0.0.0.0/0
ACCEPT     all  --  64.2.142.106         0.0.0.0/0
ACCEPT     all  --  64.2.142.189         0.0.0.0/0
ACCEPT     all  --  64.2.142.107         0.0.0.0/0
ACCEPT     all  --  64.2.142.9           0.0.0.0/0
ACCEPT     all  --  66.241.99.194        0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@pbx1:~#
 

wardmundy

Is your home PBX behind a router? Have you forwarded the ports to your PBX's private IP?
 

unsichtbarre

Thanks for the assist. service iptables restart seems to have gotten things going. Should I be concerned with this:
Code:
The following whitelisted services were requested for 65.117.249.5:
ALL Services
ln: failed to create symbolic link '/usr/sbin/iptables': File exists
IP address successfully added to WhiteList.
 

wardmundy

Not a concern with link failure. BUT... you need to use iptables-restart or portions of the IPtables whitelist won't get loaded AND fail2ban won't be started.
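
Added example, not part of the thread or of the add-ip script: a first-match check over `iptables -nL` output, the listing the posts above rely on, that reports which rule decides a new connection from a given source to a given port. The names `verdict` and `port_ok` are hypothetical and the sample listing is constructed with documentation addresses; rules with state or flag matches are skipped, as is an unconditional any-source rule, because `-nL` without `-v` does not show the interface a rule is bound to.

```python
import ipaddress
import re

# Constructed sample in the format of `iptables -nL INPUT` (documentation addresses).
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state ESTABLISHED
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2000
ACCEPT     udp  --  198.51.100.7         0.0.0.0/0            udp dpts:5060:5069
ACCEPT     tcp  --  198.51.100.7         0.0.0.0/0            multiport dports 80,9080
ACCEPT     all  --  203.0.113.10         0.0.0.0/0
"""

def port_ok(opts, dport):
    """True/False for an empty or pure port match; None if other matches are present."""
    if not opts:
        return True
    m = re.fullmatch(r"(?:tcp|udp) dpt:(\d+)", opts)
    if m:
        return dport == int(m.group(1))
    m = re.fullmatch(r"(?:tcp|udp) dpts:(\d+):(\d+)", opts)
    if m:
        return int(m.group(1)) <= dport <= int(m.group(2))
    m = re.fullmatch(r"multiport dports ([\d,:]+)", opts)
    if m:
        ranges = (p.partition(":") for p in m.group(1).split(","))
        return any(int(lo) <= dport <= int(hi or lo) for lo, _, hi in ranges)
    return None  # state, flags, icmptype ...: depends on more than source and port

def verdict(listing, src, proto, dport):
    """First rule deciding a NEW packet from src to proto/dport, else the chain policy."""
    lines = listing.splitlines()
    policy = re.search(r"policy (\w+)", lines[0]).group(1)
    for line in lines[2:]:
        f = line.split(None, 5)
        if len(f) < 5:
            continue
        target, prot, source = f[0], f[1], f[3]
        opts = f[5].strip() if len(f) > 5 else ""
        if source == "0.0.0.0/0" and prot == "all" and not opts:
            continue  # interface hidden by -nL; re-check this rule with `iptables -nvL`
        if prot not in ("all", proto) or port_ok(opts, dport) is not True:
            continue
        if ipaddress.ip_address(src) in ipaddress.ip_network(source, strict=False):
            return target, line.strip()
    return policy, "chain policy"
```

To check a live system, pass the text of `iptables -nL INPUT` as `listing`; an address that only has port-specific rules falls through to the chain policy for any port those rules do not name.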
 
