- Type: Bug
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 15.0.13
- Fix Version/s: None
- Component/s: Firewall
- Labels: None
- ToDo:
- Asterisk Version: 16.19.0
- Distro Version: 12.7.8.2107-3.sng7
- Distro: FreePBX Distro
Just updated a few servers to Firewall 15.0.13 and it seems the firewall module will reload all the rules minus any custom rules if there are any custom rules defined, at least if they are in the INPUT chain. According to the Wiki, putting rules in INPUT should be OK.
The following is in /var/log/asterisk/firewall.log:
1626360748: There is an invading rule above us: -s 192.159.66.96/27 -j ACCEPT
1626360748: Resetting iptables
The invading rule is a custom rule; it doesn't seem to matter if it's defined via the firewall GUI or in /etc/firewall-4.rules. If I revert to 15.0.8.14, the issue is not present.
It looks like something was added recently in drivers/Iptables.class.php that checks to see what the first rule is and, if it doesn't contain 'fpbxfirewall' or 'fail2ban', results in the rules being reloaded. Best guess based on the error anyway.
EDIT: Relevant community thread.
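An added example, not part of the original report or of the FreePBX code: a small parser for /var/log/asterisk/firewall.log that finds each "invading rule" line and records whether a "Resetting iptables" line followed it, so an administrator can see which custom rules were dropped and when. The function names and the `max_gap` window are assumptions of this example, and all sample lines other than the two quoted in the report are constructed.

```python
import re
from datetime import datetime, timezone

# Line shape taken from the firewall.log excerpt in the report: "<epoch>: <message>"
LINE_RE = re.compile(r"^(\d+): (.*)$")
INVADING = "There is an invading rule above us: "
RESET = "Resetting iptables"

def find_invading_events(lines, max_gap=5):
    """Pair each 'invading rule' line with a following 'Resetting iptables' line.

    max_gap (seconds) is an assumption of this example: a reset logged later
    than that is not attributed to the invading rule.
    """
    events, pending = [], None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or differently shaped line
        ts, msg = int(m.group(1)), m.group(2)
        if msg.startswith(INVADING):
            pending = {
                "epoch": ts,
                "utc": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
                "rule": msg[len(INVADING):],
                "reset": False,
            }
            events.append(pending)
        elif msg == RESET and pending is not None:
            pending["reset"] = ts - pending["epoch"] <= max_gap
            pending = None
    return events

def rules_behind_resets(events):
    """Unique rule specs that were followed by a reset, in first-seen order."""
    return list(dict.fromkeys(e["rule"] for e in events if e["reset"]))

# First two lines are from the report; the rest are constructed for this example.
SAMPLE_LOG = """\
1626360748: There is an invading rule above us: -s 192.159.66.96/27 -j ACCEPT
1626360748: Resetting iptables
1626360760: constructed unrelated message
1626360800: There is an invading rule above us: -s 203.0.113.0/24 -j ACCEPT
1626360900: Resetting iptables
""".splitlines()

if __name__ == "__main__":
    for ev in find_invading_events(SAMPLE_LOG):
        print(ev["utc"], "reset" if ev["reset"] else "no reset", ev["rule"])
```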