
    Custom IP tables rules for FreePBX

    • AdamF

      Has anyone added a custom firewall rule to the FreePBX responsive firewall?

      The new Responsive firewall has an option to add custom rules. From the documentation, it looks like you just have to enable the option for custom rules in the GUI, then create the file /etc/firewall-4.rules, and apply proper root permissions. Then write your iptables rule.

      I want to access the FreePBX CDR DB remotely, from a single IP. However, I've attempted a couple of times to write the rule, but the firewall rejects them, and says the rules are corrupted, and then restarts the firewall.

      Can anyone explain the proper rule to allow MySQL remote access from a single, external IP? Using the default 3306 port.

      • JaredBusch

        It is standard iptables syntax.

        I added one when troubleshooting the ghost ring back issue on yealink phones with the pjsip protocol.

        So just google iptables allow mysql.

        • JaredBusch

          Here was my post on the subject.

          https://mangolassi.it/topic/13690/ghost-recall-when-using-pjsip-and-yealink-phones/2

          • AdamF @JaredBusch

            @jaredbusch Awesome. I'm going to try this.

            I was just about to follow up with this, saying that I was able to get it working by not using any custom rules at all. Since the IP that I want to allow is my local office, which is where I want to connect to the MySQL data from, it works already. Reason: I have my local office IP listed in the Trusted Network area of the Responsive firewall.

            Of course, to get this to work, you have to change the listen address (bind address) in the etc/my.cnf file to listen on your public address, other than the loopback address.

            • JaredBusch @AdamF

              I would probably change it to listen on any to have one thing less to remember just in case something changes, but that is just personal preference.

              • AdamF @JaredBusch

                Oh yeah, I did that actually. Then I created a user with select access to the crdb database. The root user by default, on FreePBX installations, has no password. However, the root user can only log in from the local server, so I don't see a need to implement a password. Unless I'm missing something....

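An added example, not taken from any post in this thread or from FreePBX: a shell version of the single-source MySQL rule the question asks for, with a permission check on the custom rules file. It assumes each line of /etc/firewall-4.rules is an iptables argument string without the leading `iptables`, that the rule is inserted into the INPUT chain, and that "proper root permissions" means root-owned and not writable by group or others; 203.0.113.10 is a constructed documentation address.

```shell
#!/bin/sh
# Added example, not code from the thread.
MYSQL_PORT=3306   # default port named in the question
CHAIN=INPUT       # assumption: chain the custom rule is inserted into

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
# Rejects CIDR ranges and hostnames so the rule can never widen by accident.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# mysql_allow_rule ADDR: print one rule line admitting tcp/3306 from ADDR only.
mysql_allow_rule() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    printf '%s\n' "-I $CHAIN -s $1/32 -p tcp -m tcp --dport $MYSQL_PORT -j ACCEPT"
}

# rules_file_ok PATH: regular file (not a symlink), owned by uid 0,
# and not writable by group or others. Uses GNU stat.
rules_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    set -- $(stat -c '%u %a' "$1" 2>/dev/null)
    [ "$1" -eq 0 ] 2>/dev/null || return 1
    case "$2" in
        *[2367][0-7]|*[2367]) return 1 ;;   # group or other write bit set
    esac
}

# Constructed sample input: the office address allowed to reach MySQL.
mysql_allow_rule 203.0.113.10
# Report on the rules file when it exists (path is the one named in the thread).
if rules_file_ok /etc/firewall-4.rules; then
    echo "rules file ownership and mode look safe"
else
    echo "rules file missing, not root-owned, or writable by group/others" >&2
fi
```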