
VICIBOX 10 & Firewall

Posted: Sun Sep 19, 2021 7:06 am
by kashinc
Has anyone got the dynamic firewall working on version 10 yet???

Re: VICIBOX 10 & Firewall

Posted: Tue Sep 21, 2021 10:54 pm
by carpenox

Re: VICIBOX 10 & Firewall

Posted: Tue Sep 28, 2021 10:43 pm
by kashinc
Hey,

I did try this and had zero luck....

Did it in this order as well:

firewall-cmd --permanent --new-ipset=whiteips --type=hash:ip
firewall-cmd --permanent --new-ipset=whitenets --type=hash:ip
firewall-cmd --permanent --new-ipset=dynamic --type=hash:ip
firewall-cmd --permanent --new-ipset=blackips --type=hash:ip
firewall-cmd --reload

- then added this to the bottom of my crontab as the only firewall entry
@reboot /usr/bin/VB-firewall --dynamic --whitelist=ViciWhite
* * * * * /usr/bin/VB-firewall --dynamic --whitelist-ViciWhite

- I then ran this
/usr/bin/VB-firewall --dynamic --white

Rebooted... once the reboot is done the box won't let me SSH from the external net at all.... something is missing... I need to get this working, let me know what I can do to help. Half my cluster is 9.03 and the other is 10 without a proper firewall.

Re: VICIBOX 10 & Firewall

Posted: Sun Oct 17, 2021 4:59 am
by kashinc
Has anyone had any luck getting the dynamic portal and whitelist fixed in version 10 yet??? I am debating on going back to 9.0.3

Re: VICIBOX 10 & Firewall

Posted: Mon Nov 29, 2021 5:48 pm
by kevinhippert
One potential problem is "VB-firewall.pl" does not exist in /usr/bin nor in /usr/local/bin on a clean install of Vicibox 10. Searching the system, I can not find it anywhere. Not sure if it got pulled because it was breaking things or it is a mistake.

Re: VICIBOX 10 & Firewall

Posted: Mon Nov 29, 2021 7:25 pm
by carpenox
Search without the .pl

Re: VICIBOX 10 & Firewall

Posted: Tue Nov 30, 2021 10:45 am
by kevinhippert
Thanks, you are correct; removing .pl found the file in /usr/bin. I did not realize there were situations where "ls" would not sort alphabetically, which is why I did not find it by looking through the "V" files in either directory. More programs should be written with randomly inconsistent behavior, it makes computing more fun.

Re: VICIBOX 10 & Firewall

Posted: Sun Jan 16, 2022 9:23 pm
by vkad
The error is here

In the dynamic section code, when the user logs in through the portal, the IP is added to the blacklist because of this incorrect logic.

Code:
                doipnetslist(\@dynamicips, $IPBLACK, "X", "DynamicList");


This should be changed to:

Code:
                doipnetslist(\@dynamicips, $IPDYNAMIC, "X", "DynamicList");

Re: VICIBOX 10 & Firewall

Posted: Mon Mar 28, 2022 1:32 pm
by covarrubiasgg
Here is a patch in case you don't want to manually locate the line and edit the file

Code:
--- VB-firewall     2022-03-26 21:32:35.247713770 -0700
+++ VB-firewall 2022-03-26 21:32:44.244088080 -0700
@@ -760,7 +760,7 @@

        if (@dynamicips > 0 ) {
                verboseoutput("   DynamicList found " . @dynamicips . " entries in ViciDial");
-               doipnetslist(\@dynamicips, $IPBLACK, "X", "DynamicList");
+               doipnetslist(\@dynamicips, $IPDYNAMIC, "X", "DynamicList");
        } else { verboseoutput("   No DynamicList entries found in ViciDial"); }
        verboseoutput("  DynamicList done!");
 }
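
Review bot: Nothing in the visible lines removes the DynamicList addresses that the old doipnetslist call already placed in the set behind $IPBLACK, so after the target becomes $IPDYNAMIC, check that set and clear any portal-validated addresses still in it. The ---/+++ headers name VB-firewall with no directory component, so the patch has to be applied from the directory that holds the script (/usr/bin, per the thread); keep a copy of the original file before applying.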

Re: VICIBOX 10 & Firewall

Posted: Thu Mar 31, 2022 12:55 pm
by Kumba
The fix has been committed to the firewall package. You can do a 'zypper ref && zypper up' to pull it in.
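
An added example, not from the thread or the ViciBox project: a check for the symptom vkad describes, a portal-validated address sitting in the blacklist set. It assumes the ipset names `dynamic` and `blackips` from the firewall-cmd lines earlier in the thread; the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: report addresses that are in both the dynamic and blacklist ipsets.
# Assumption: the sets are named "dynamic" and "blackips" as created in the thread.

# Print every address present in both newline-separated lists ($1 and $2).
# Each list is de-duplicated first, so a line repeated after merging is in both.
ipset_overlap() {
    printf '%s\n%s\n' \
        "$(printf '%s\n' "$1" | sort -u)" \
        "$(printf '%s\n' "$2" | sort -u)" |
        grep -v '^$' | sort | uniq -d
}

# List the entries of a firewalld ipset as reported by firewall-cmd.
ipset_entries() {
    firewall-cmd --ipset="$1" --get-entries
}

# Live check on a firewalld host: returns 1 when any address is in both sets.
check_live() {
    both=$(ipset_overlap "$(ipset_entries dynamic)" "$(ipset_entries blackips)")
    if [ -n "$both" ]; then
        printf 'Present in both dynamic and blackips:\n%s\n' "$both"
        return 1
    fi
    echo "No address is in both dynamic and blackips"
}

# Constructed sample data (documentation address ranges) for an offline run.
SAMPLE_DYNAMIC='198.51.100.7
203.0.113.20'
SAMPLE_BLACK='192.0.2.66
203.0.113.20
198.51.100.7'

case "${1:-}" in
    --demo) ipset_overlap "$SAMPLE_DYNAMIC" "$SAMPLE_BLACK" ;;
    --live) check_live ;;
esac
```

Run it with `--demo` to see the overlap logic on the sample lists, or with `--live` as root on the firewall host.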