Support forum for the ViciBox ISO Server Install and ISO LiveCD Demo
Moderators: enjay, williamconley, Staydog, mflorell, MJCoate, mcargile, Kumba
by kashinc » Sun Sep 19, 2021 7:06 am
Has anyone got the dynamic firewall working on version 10 yet???
-
kashinc
-
- Posts: 75
- Joined: Thu Apr 23, 2015 12:04 pm
by carpenox » Tue Sep 21, 2021 10:54 pm
Alma Linux 9.4 | SVN Version: 3890 | DB Schema Version: 1721 | Asterisk 18.21.1 | PHP8
www.dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WA: +19549477572
GC: https://join.skype.com/ujkQ7i5lV78O | DC: https://discord.gg/DVktk6smbh
-
carpenox
-
- Posts: 2426
- Joined: Wed Apr 08, 2020 2:02 am
- Location: St Petersburg, FL
-
by kashinc » Tue Sep 28, 2021 10:43 pm
Hey,
I did try this and had zero luck....
did it in this order as well
firewall-cmd --permanent --new-ipset=whiteips --type=hash:ip
firewall-cmd --permanent --new-ipset=whitenets --type=hash:ip
firewall-cmd --permanent --new-ipset=dynamic --type=hash:ip
firewall-cmd --permanent --new-ipset=blackips --type=hash:ip
firewall-cmd --reload
- then added this to the bottom of my crontab as the only firewall entry
@reboot /usr/bin/VB-firewall --dynamic --whitelist=ViciWhite
* * * * * /usr/bin/VB-firewall --dynamic --whitelist-ViciWhite
-I then ran this
/usr/bin/VB-firewall --dynamic --white
rebooted... once the reboot is done the box wont let me SSH from the external net at all.... something is missing... I need to get this working, let me know what I can do to help. Half my cluster is 9.03 and the other is 10 without a proper firewall.
-
kashinc
-
- Posts: 75
- Joined: Thu Apr 23, 2015 12:04 pm
by kashinc » Sun Oct 17, 2021 4:59 am
Has anyone had any luck getting the dynamic portal and whitelist fixed in version 10 yet??? I am debating on going back to 9.0.3
-
kashinc
-
- Posts: 75
- Joined: Thu Apr 23, 2015 12:04 pm
by kevinhippert » Mon Nov 29, 2021 5:48 pm
One potential problem is "VB-firewall.pl" does not exist in /usr/bin nor in /usr/local/bin on a clean install of Vicibox 10. Searching the system, I can not find it anywhere. Not sure if it got pulled because it was breaking things or it is a mistake.
Leap 15.3 | Version: 2.14-833a | BUILD: 211106-1500 | SVN Version: 3540 | DB Schema Version: 1648 | Asterisk 13.38.2-vici
-
kevinhippert
-
- Posts: 4
- Joined: Thu Dec 01, 2016 11:31 am
by carpenox » Mon Nov 29, 2021 7:25 pm
Search without the. Pl
Alma Linux 9.4 | SVN Version: 3890 | DB Schema Version: 1721 | Asterisk 18.21.1 | PHP8
www.dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WA: +19549477572
GC: https://join.skype.com/ujkQ7i5lV78O | DC: https://discord.gg/DVktk6smbh
-
carpenox
-
- Posts: 2426
- Joined: Wed Apr 08, 2020 2:02 am
- Location: St Petersburg, FL
-
by kevinhippert » Tue Nov 30, 2021 10:45 am
Thanks you are correct, removing .pl found the file in /usr/bin. I did not realize there were situations where "ls" would not sort alphabetically which is why I did not find it by looking through the "V" files in either directory. More programs should be written with randomly inconsistent behavior, it makes computing more fun.
Leap 15.3 | Version: 2.14-833a | BUILD: 211106-1500 | SVN Version: 3540 | DB Schema Version: 1648 | Asterisk 13.38.2-vici
-
kevinhippert
-
- Posts: 4
- Joined: Thu Dec 01, 2016 11:31 am
by vkad » Sun Jan 16, 2022 9:23 pm
The error is here
In the dynamic section code when the user logs in through the portal the IP is added to the blacklist because of this incorrect logic.
- Code: Select all
doipnetslist(\@dynamicips, $IPBLACK, "X", "DynamicList");
This should be changed to:
- Code: Select all
doipnetslist(\@dynamicips, $IPDYNAMIC, "X", "DynamicList");
Vicibox 8.0.1 (Asterisk 13.21.0-vici) + Remote WebRTC Agents
Version: 2.14b0.5 | SVN: 2990 | DB Version: 1548
1 x DB + Web + Dialer - E3 1270 v6 + 16gb ddr4 + 256gb SSD
2 x Additional Dialer - E3 1270 v6 + 8gb ddr4 + 256gb SSD
-
vkad
-
- Posts: 208
- Joined: Thu Nov 09, 2017 3:46 am
by covarrubiasgg » Mon Mar 28, 2022 1:32 pm
Here is a Patch in case you don´t want o manually locate the line and edit the file
- Code: Select all
--- VB-firewall 2022-03-26 21:32:35.247713770 -0700
+++ VB-firewall 2022-03-26 21:32:44.244088080 -0700
@@ -760,7 +760,7 @@
if (@dynamicips > 0 ) {
verboseoutput(" DynamicList found " . @dynamicips . " entries in ViciDial");
- doipnetslist(\@dynamicips, $IPBLACK, "X", "DynamicList");
+ doipnetslist(\@dynamicips, $IPDYNAMIC, "X", "DynamicList");
} else { verboseoutput(" No DynamicList entries found in ViciDial"); }
verboseoutput(" DynamicList done!");
}
-
covarrubiasgg
-
- Posts: 420
- Joined: Thu Jun 10, 2010 10:20 am
- Location: Tijuana, Mexico
-
by Kumba » Thu Mar 31, 2022 12:55 pm
The fix has been committed to the firewall package. You can do a 'zypper ref && zypper up' to pull it in.
-
Kumba
-
- Posts: 939
- Joined: Tue Oct 16, 2007 11:44 pm
- Location: Florida
Return to ViciBox Server Install and Demo
Who is online
Users browsing this forum: No registered users and 31 guests