Whitelist Firewall Setup issue


Post by jlam » Mon Dec 23, 2024 9:13 am

Hello all,
Brand new Vicibox 11 install.
Locked myself out trying to enable the whitelist.
Steps taken:
Enabled the IP list in Admin - System Settings
Added IPs to the whitelist and enabled the whitelist

Commented out the 2 default crontab entries and added these:
@reboot /usr/bin/VB-firewall --white --quiet
* * * * * /usr/bin/VB-firewall --white --quiet

Set eth0 to public in YaST and removed all services except ssh
As soon as the crontab ran, it locked me out
Server is hosted with a static IP for - single server, no cluster
Had the host comment out the crontab lines and reboot the server, which gave me access again. Also added back in the default services in the public zone and restarted the firewall
Not sure what to do next to implement this without locking myself out. Also confirmed that my IP was in the whitelist
Any advice is appreciated!
Thank you

Vicidial: VERSION: 2.14-933a BUILD: 241208-1747
Vicibox v.11.0
openSUSE Leap 15.5
Linux 5.14.21-150500.55.12-default

Post by carpenox » Mon Dec 23, 2024 2:15 pm

I haven't updated this in a while, I probably need to, but this should give you some guidance


https://dialer.one/index.php/how-to-sec ... ly-part-1/

Post by williamconley » Fri Dec 27, 2024 12:46 am

Note that while testing, it can be useful to use "screen" to run a "sleep 600; reboot" and then leave that screen running (detach from it). Then you do NOT use the crontab firewall entries, just run them manually from the CLI.

Result: if you lock yourself out, the system reboots in 10 minutes and does not run the firewall. So you can go get a soda and try again in a few minutes. Without the Embarrassing Moment with the hosting provider.

Also a great reason to run a Sandbox Vicidial in a VM. So you can practice this sort of thing (and MANY others) with zero effect on any live server(s).
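
The timed-reboot safety net described in the last reply, written out as an added shell sketch (not part of the original posts and not ViciBox's own tooling). The names SESSION, DELAY and DRY_RUN are assumptions made for this example; it defaults to printing the commands, and it also reports the SSH source address the server actually sees so it can be compared with the whitelist entry.

```shell
#!/bin/sh
# Dead-man reboot around a manual VB-firewall test (added example).
# SESSION, DELAY and DRY_RUN are names chosen for this sketch. Run as root,
# with the VB-firewall crontab entries still commented out.
SESSION="${SESSION:-fw-deadman}"
DELAY="${DELAY:-600}"      # seconds until the safety reboot (10 minutes)
DRY_RUN="${DRY_RUN:-1}"    # 1 = print the commands only, 0 = execute them

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Source address of this SSH session as the server sees it: the address
# that has to be on the whitelist. Fails when not logged in over SSH.
client_ip() {
    [ -n "${SSH_CONNECTION:-}" ] || return 1
    echo "${SSH_CONNECTION%% *}"
}

# Detached screen session that reboots the box after DELAY seconds.
arm() {
    run screen -dmS "$SESSION" sh -c "sleep $DELAY; reboot"
}

# Same command as the cron line in the first post, run by hand.
apply_whitelist() {
    run /usr/bin/VB-firewall --white --quiet
}

# Cancel the pending reboot; do this from a NEW login that succeeded.
disarm() {
    run screen -S "$SESSION" -X quit
}

case "${1:-}" in
    arm)    arm ;;
    apply)  echo "SSH source seen by server: $(client_ip || echo unknown)"
            apply_whitelist ;;
    disarm) disarm ;;
    "")     : ;;   # sourced or run without arguments: define functions only
    *)      echo "usage: $0 arm|apply|disarm" >&2 ;;
esac
```

Run it with `DRY_RUN=0` in the order arm, apply, disarm, and only disarm after a fresh SSH login has succeeded; if the login fails, wait for the reboot and the box comes back without the whitelist applied.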

