VICIBOX 10 & Firewall

Support forum for the ViciBox ISO Server Install and ISO LiveCD Demo

Postby kashinc » Sun Sep 19, 2021 7:06 am

Has anyone got the dynamic firewall working on version 10 yet???
kashinc
 
Posts: 70
Joined: Thu Apr 23, 2015 12:04 pm

Re: VICIBOX 10 & Firewall

Postby carpenox » Tue Sep 21, 2021 10:54 pm

Alma Linux 8.5 | Version: 2.14-858a | BUILD: 220513-0819 | SVN Version: 3602 | DB Schema Version: 1661 | Asterisk 16.17.0-vici
www.CyburDial.net -:- 725-22-CYBUR -:- My Blog: http://vicidial.blog -:- Whatsapp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 1848
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: VICIBOX 10 & Firewall

Postby kashinc » Tue Sep 28, 2021 10:43 pm

Hey,

I did try this and had zero luck....

Did it in this order as well:

firewall-cmd --permanent --new-ipset=whiteips --type=hash:ip
firewall-cmd --permanent --new-ipset=whitenets --type=hash:ip
firewall-cmd --permanent --new-ipset=dynamic --type=hash:ip
firewall-cmd --permanent --new-ipset=blackips --type=hash:ip
firewall-cmd --reload

- Then added this to the bottom of my crontab as the only firewall entry:
@reboot /usr/bin/VB-firewall --dynamic --whitelist=ViciWhite
* * * * * /usr/bin/VB-firewall --dynamic --whitelist=ViciWhite

- I then ran this:
/usr/bin/VB-firewall --dynamic --white

Rebooted... once the reboot is done the box won't let me SSH from the external net at all.... Something is missing... I need to get this working, let me know what I can do to help. Half my cluster is 9.03 and the other is 10 without a proper firewall.
kashinc
 
Posts: 70
Joined: Thu Apr 23, 2015 12:04 pm

Re: VICIBOX 10 & Firewall

Postby kashinc » Sun Oct 17, 2021 4:59 am

Has anyone had any luck getting the dynamic portal and whitelist fixed in version 10 yet??? I am debating on going back to 9.0.3
kashinc
 
Posts: 70
Joined: Thu Apr 23, 2015 12:04 pm

Re: VICIBOX 10 & Firewall

Postby kevinhippert » Mon Nov 29, 2021 5:48 pm

One potential problem is "VB-firewall.pl" does not exist in /usr/bin nor in /usr/local/bin on a clean install of Vicibox 10. Searching the system, I cannot find it anywhere. Not sure if it got pulled because it was breaking things or it is a mistake.
Leap 15.3 | Version: 2.14-833a | BUILD: 211106-1500 | SVN Version: 3540 | DB Schema Version: 1648 | Asterisk 13.38.2-vici
kevinhippert
 
Posts: 4
Joined: Thu Dec 01, 2016 11:31 am

Re: VICIBOX 10 & Firewall

Postby carpenox » Mon Nov 29, 2021 7:25 pm

Search without the .pl
carpenox
 
Posts: 1848
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: VICIBOX 10 & Firewall

Postby kevinhippert » Tue Nov 30, 2021 10:45 am

Thanks, you are correct: removing .pl found the file in /usr/bin. I did not realize there were situations where "ls" would not sort alphabetically, which is why I did not find it by looking through the "V" files in either directory. More programs should be written with randomly inconsistent behavior, it makes computing more fun.
kevinhippert
 
Posts: 4
Joined: Thu Dec 01, 2016 11:31 am

Re: VICIBOX 10 & Firewall

Postby vkad » Sun Jan 16, 2022 9:23 pm

The error is here:

In the dynamic section code, when the user logs in through the portal, the IP is added to the blacklist because of this incorrect logic.

Code:
                doipnetslist(\@dynamicips, $IPBLACK, "X", "DynamicList");


This should be changed to:

Code:
                doipnetslist(\@dynamicips, $IPDYNAMIC, "X", "DynamicList");
Vicibox 8.0.1 (Asterisk 13.21.0-vici) + Remote WebRTC Agents
Version: 2.14b0.5 | SVN: 2990 | DB Version: 1548
1 x DB + Web + Dialer - E3 1270 v6 + 16gb ddr4 + 256gb SSD
2 x Additional Dialer - E3 1270 v6 + 8gb ddr4 + 256gb SSD
vkad
 
Posts: 208
Joined: Thu Nov 09, 2017 3:46 am
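
A check for the symptom described in the post above, as an added example that is not part of VB-firewall or of any post in this thread: it reports addresses that sit in both the dynamic and the black ipset. The set names dynamic and blackips come from the firewall-cmd commands quoted earlier; the function names, the --live switch and the sample addresses are constructed for illustration, and the live query assumes the sets are visible through firewall-cmd.

```sh
#!/bin/sh
# Added example, not part of VB-firewall: report addresses that sit in both
# the dynamic and the black ipset (symptom of the $IPBLACK/$IPDYNAMIC mix-up).

# Set names as created with firewall-cmd earlier in the thread.
DYN_SET=dynamic
BLACK_SET=blackips

# overlap DYN BLACK: both arguments are newline-separated entry lists.
# Prints each DYN entry that also appears in BLACK; returns 1 if any exist.
overlap() {
    dyn=$(printf '%s\n' "$1" | tr -d ' \t\r' | sed '/^$/d' | sort -u)
    [ -n "$dyn" ] || return 0          # empty dynamic list: nothing to compare
    # -F fixed strings, -x whole line: 203.0.113.7 must not match 203.0.113.70
    hits=$(printf '%s\n' "$2" | tr -d ' \t\r' | grep -Fx -e "$dyn" | sort -u)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# check_live: compare the two sets on a running box. Assumption: the sets are
# visible to firewalld; returns 2 if either query fails.
check_live() {
    live_dyn=$(firewall-cmd --ipset="$DYN_SET" --get-entries) || return 2
    live_black=$(firewall-cmd --ipset="$BLACK_SET" --get-entries) || return 2
    overlap "$live_dyn" "$live_black"
}

# Constructed sample data (documentation address ranges).
SAMPLE_DYN='203.0.113.7
198.51.100.20'
SAMPLE_BLACK_BUGGY='192.0.2.66
203.0.113.7
198.51.100.20'
SAMPLE_BLACK_FIXED='192.0.2.66
203.0.113.70'

if [ "${1:-}" = "--live" ]; then
    check_live || echo "WARNING: portal IPs are blacklisted, or the query failed" >&2
else
    overlap "$SAMPLE_DYN" "$SAMPLE_BLACK_BUGGY" || echo "sample: overlap found"
fi
```

Running it with --live from a console session before rebooting shows whether a portal-validated address would end up blocked.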

Re: VICIBOX 10 & Firewall

Postby covarrubiasgg » Mon Mar 28, 2022 1:32 pm

Here is a patch in case you don't want to manually locate the line and edit the file:

Code:
--- VB-firewall     2022-03-26 21:32:35.247713770 -0700
+++ VB-firewall 2022-03-26 21:32:44.244088080 -0700
@@ -760,7 +760,7 @@

        if (@dynamicips > 0 ) {
                verboseoutput("   DynamicList found " . @dynamicips . " entries in ViciDial");
-               doipnetslist(\@dynamicips, $IPBLACK, "X", "DynamicList");
+               doipnetslist(\@dynamicips, $IPDYNAMIC, "X", "DynamicList");
        } else { verboseoutput("   No DynamicList entries found in ViciDial"); }
        verboseoutput("  DynamicList done!");
 }
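Review bot: the one-line swap on the doipnetslist call corrects where new dynamic entries go, but nothing in this hunk deals with addresses the old $IPBLACK call already placed in the black set. Check whether the blacklist pass rebuilds that set on every run; if it does not, the instructions that ship with the patch should tell admins to clear the stale entries once after applying, or a portal-validated IP can stay blocked. It would also help if the verboseoutput line just before the call named the target set, so a mix-up like this shows up in the verbose log.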
covarrubiasgg
 
Posts: 406
Joined: Thu Jun 10, 2010 10:20 am
Location: Tijuana, Mexico

Re: VICIBOX 10 & Firewall

Postby Kumba » Thu Mar 31, 2022 12:55 pm

The fix has been committed to the firewall package. You can do a 'zypper ref && zypper up' to pull it in.
Kumba
 
Posts: 920
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

