TRY THIS Struggling with 16-15 firewall and flowroute

Alex Hackney

Active Member
Joined
Jun 2, 2014
Messages
212
Reaction score
32
I had a system crash last week and I had to rebuild it. I accidentally removed the backups.

In any case, I decided to do the newest version for the client, a restaurant, and built it on a Vultr NVMe system with 2 GB of RAM.

Getting Flowroute to work was a pain.

I'm still having an issue where I'm adding the firewall rules like this:

````
iptables -A INPUT -p udp -s 147.75.65.192/28 -j ACCEPT
iptables-save
````

But when I reboot or restart iptables the rule is gone and I have to re-add it.

Also with Flowroute, instead of authentication, I'm basically just allowing anonymous SIP calls and opening the firewall up to them. Is that the right way to do it?

Finally, I want to move them to VoIP.ms, but in the docs it says to use Atlanta only. I'm guessing I can use another POP but I'll need to open the firewall for that as well? Is there a reason it says to use Atlanta only?

Thanks!

Alex
 

kenn10

Well-Known Member
Joined
Dec 16, 2007
Messages
3,764
Reaction score
2,173
If you are running Travelin' Man or Fail2Ban, I'd suggest you use ./add-fqdn or ./add-ip in the root directory. Those rules are reloaded on reboot.
 

Eliad

Active Member
Joined
Aug 13, 2017
Messages
619
Reaction score
127
For VoIP.ms I use Seattle, but I had to use ./add-fqdn. I think the Atlanta IP is already included in Ward's script.
 

Alex Hackney

Active Member
Joined
Jun 2, 2014
Messages
212
Reaction score
32
> If you are running Travelin' Man or Fail2Ban, I'd suggest you use ./add-fqdn or ./add-ip in the root directory. Those rules are reloaded on reboot.

Which is fine except I don't want to have to do 12 rules for each of their IPs. I don't believe the ./add-ip script does ranges or /28s.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
> Which is fine except I don't want to have to do 12 rules for each of their IPs. I don't believe the ./add-ip script does ranges or /28s.

You can manually add an IP range in /usr/local/sbin/iptables-custom. Just add the first one with /root/add-ip and then go look at the code to adjust it. Then use iptables-restart exclusively. iptables save will wipe out all sorts of rules that you need.
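
An added example (not from any poster in this thread, and not the project's own code): a check for ACCEPT sources that exist in the running ruleset but not in the persistent rules script, which is the condition described in the first post. It assumes `/usr/local/sbin/iptables-custom` is a shell script of `iptables` commands; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example. Lists INPUT ACCEPT sources found in the running ruleset but
# not in the persistent rules script, i.e. rules a restart would drop.

# accept_sources FILE: print "source proto" for each INPUT ... -j ACCEPT rule
# with a -s match. Reads option words, so `iptables -S` output and a script of
# iptables commands both parse. A bare host address is normalised to /32.
accept_sources() {
    awk '
    /^[ \t]*#/ { next }
    {
        chain = ""; src = ""; proto = "any"; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (chain != "INPUT" || target != "ACCEPT" || src == "") next
        if (index(src, "/") == 0) src = src "/32"
        print src, proto
    }' "$1" | sort -u
}

# runtime_only LIVE PERSISTENT: sources present in LIVE but missing from PERSISTENT.
runtime_only() {
    live=$(mktemp) && kept=$(mktemp) || return 1
    accept_sources "$1" > "$live"
    accept_sources "$2" > "$kept"
    comm -23 "$live" "$kept"
    rm -f "$live" "$kept"
}

# sample_check: run the comparison on constructed data (not from a real system).
sample_check() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/live" <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p udp -j ACCEPT
-A INPUT -s 147.75.65.192/28 -p udp -j ACCEPT
EOF
    cat > "$dir/custom" <<'EOF'
#!/bin/bash
/usr/sbin/iptables -A INPUT -p udp -s 203.0.113.10 -j ACCEPT
EOF
    runtime_only "$dir/live" "$dir/custom"
    rm -rf "$dir"
}
```

On a live system the first argument would be a file holding the output of `iptables -S INPUT`, and the second the persistent rules script.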
 
