
Starting with FreePBX Firewall version 13.0.23.1 (with additional options added in ver. 13.0.43.1), the FreePBX Firewall has the following command line controls:

For help, use: fwconsole firewall --help

Help
[root@lgaetzdev2 ~]# fwconsole firewall --help
______                   ______ ______ __   __
|  ___|                  | ___ \| ___ \\ \ / /
| |_    _ __   ___   ___ | |_/ /| |_/ / \ V /
|  _|  | '__| / _ \ / _ \|  __/ | ___ \ /   \
| |    | |   |  __/|  __/| |    | |_/ // /^\ \
\_|    |_|    \___| \___|\_|    \____/ \/   \/

Usage:
  firewall [options] [--] <cmd> [<opt>] [<ids>]...

Arguments:
  cmd                   Command to run (see --help)
  opt                   Optional parameter
  ids                   IDs to add or remove from a zone

Options:
  -f, --force           Force Add/Removal of entry
  -h, --help            Display this help message
  -q, --quiet           Do not output any message
  -V, --version         Display this application version
      --ansi            Force ANSI output
      --no-ansi         Disable ANSI output
  -n, --no-interaction  Do not ask any interactive question
  -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Help:
  Valid Commands:
  disable : Disable the System Firewall. This will shut it down cleanly.
  stop : Stop the System Firewall
  start : Start (and enable, if disabled) the System Firewall
  restart : Restart the System Firewall
  lerules [enable] or [disable] : Enable or disable Lets Encrypt rules.
  trust : Add the hostname or IP specified to the Trusted Zone
  untrust : Remove the hostname or IP specified from the Trusted Zone
  list [zone] : List all entries in zone 'zone'
  add [zone] [id id id..] : Add to 'zone' the IDs provided.
  del [zone] [id id id..] : Delete from 'zone' the IDs provided.
  fix_custom_rules : Create the files for the custom rules if they don't exist and set the permissions and owners correctly.
  When adding or deleting from a zone, one or many IDs may be provided.
  These may be IP addresses, hostnames, or networks.
  For example:

  fwconsole firewall add trusted 10.46.80.0/24 hostname.example.com 1.2.3.4

 

Firewall commands and usage examples:

  • disable - This disables the FreePBX Firewall module, stops the service, and immediately flushes all iptables rules. Disable differs from stop in that the module stays disabled after a reboot. Note that there is no corresponding enable command; use start instead.

    Example
    # fwconsole firewall disable

     

  • stop - This temporarily stops the FreePBX Firewall until it is manually started or until the PBX is booted. All existing iptables rules are immediately flushed.

    Example
    # fwconsole firewall stop

     

  • start - This starts the FreePBX Firewall, enabling it first if necessary.

    Example
    # fwconsole firewall start
    Enabling Firewall.
    
    Broadcast message from <fqdn redacted> (Wed Apr 13 11:02:22 2016):
    Firewall service now starting.
  • restart - Stops the service if it is running and starts it again.

    # fwconsole firewall restart
    Enabling Firewall.
  • lerules - Enables or disables the Let's Encrypt rules to allow inbound LE validation on port 80.

    # fwconsole firewall lerules enable
    Lets Encrypt rules enabled successfully. Restarting Firewall...
    # fwconsole firewall lerules disable
    Lets Encrypt rules disabled successfully. Restarting Firewall...
  • trust - Adds a host to the list of trusted networks shown on the zones, networks page

    Examples
    # fwconsole firewall trust www.google.com
    Attempting to add www.google.com to Trusted Zone
    Success. Entry added to Trusted Zone.
     
    # fwconsole firewall trust 192.168.0.1/24
    Attempting to add 192.168.0.1/24 to Trusted Zone
    Success. Entry added to Trusted Zone.

     

  • untrust - removes a host (if present) from the list of trusted networks shown on the zones, networks page

    Examples
    # fwconsole firewall untrust www.google.com
    Attempting to remove www.google.com from Trusted Zone
    Success. Entry removed from Trusted Zone.
    
    # fwconsole firewall untrust 192.168.0.1/24
    Attempting to remove 192.168.0.1/24 from Trusted Zone
    Success. Entry removed from Trusted Zone.
  • list - Lists all hosts for a specified zone. Acceptable zones are external, other, internal, trusted, and blacklist.

    Examples
    [root@lgaetzdev2 ~]# fwconsole firewall list blacklist
    All blacklisted entries.
            8.8.8.8
            google.com: (Resolves to 216.58.219.206)
     
    [root@lgaetzdev2 ~]# fwconsole firewall list trusted
    All entries in zone 'trusted':
            192.168.0.0/16
            172.16.0.0/12
            10.0.0.0/8
            fc00::/8
            fd00::/8
            127.0.0.1/32
  • add - Adds host(s) to the specified zone. Acceptable zones are external, other, internal, trusted, and blacklist. Separate multiple hosts with spaces.

    Examples
    [root@lgaetzdev2 ~]# fwconsole firewall add blacklist example.com 192.168.15.0/24
    Attempting to add 'example.com' to Blacklist ... Success!
    Attempting to add '192.168.15.0/24' to Blacklist ... Success!
    
    [root@lgaetzdev2 ~]# fwconsole firewall add other 192.168.75.0/24
    Attempting to add '192.168.75.0/24' to Zone 'other' ... Success!
  • del - Deletes host(s) from the specified zone. Acceptable zones are external, other, internal, trusted, and blacklist. Separate multiple hosts with spaces.

    Examples
    [root@lgaetzdev2 ~]# fwconsole firewall list other
    All entries in zone 'other':
            192.168.75.0/24
    
    [root@lgaetzdev2 ~]# fwconsole firewall del other 192.168.75.0/24
    Attempting to remove 192.168.75.0/24 from 'other' Zone ... Success!
    
    [root@lgaetzdev2 ~]# fwconsole firewall list other
    All entries in zone 'other':
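
The `list` output format shown above can be reviewed with a small script. This is an added example, not part of the FreePBX documentation or code: it flags networks with short prefixes and hostname entries, whose effect depends on DNS resolution. The function names, the sample listing and the /16 and /48 thresholds are assumptions of this example.

```shell
#!/bin/sh
# Added example: review `fwconsole firewall list <zone>` output offline.
# Thresholds (/16 for IPv4, /48 for IPv6) are assumptions, not FreePBX defaults.
# Live use: fwconsole firewall list trusted | audit_zone_listing 16 48

# Constructed sample in the listing format shown on this page.
sample_listing() {
cat <<'EOF'
All entries in zone 'trusted':
        192.168.0.0/16
        10.0.0.0/8
        fd00::/8
        127.0.0.1/32
        203.0.113.7
        pbx-peer.example.com: (Resolves to 198.51.100.20)
EOF
}

# audit_zone_listing [MIN_V4] [MIN_V6]
# Reads a listing on stdin, prints one "VERDICT entry" line per entry:
#   BROAD    network whose prefix is shorter than the minimum
#   HOSTNAME entry whose effect depends on DNS resolution
#   INVALID  prefix that is not a number within range
#   OK       everything else
audit_zone_listing() {
    awk -v min4="${1:-16}" -v min6="${2:-48}" '
        /^All / || NF == 0 { next }             # header and blank lines
        {
            id = $1
            if (NF > 1) sub(/:$/, "", id)       # "name: (Resolves to ...)"
            n = split(id, part, "/")
            v6 = (part[1] ~ /:/)
            v4 = (part[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            if (!v4 && !v6) { print "HOSTNAME", id; next }
            if (n == 1)     { print "OK", id; next }
            max = v6 ? 128 : 32
            min = (v6 ? min6 : min4) + 0
            if (n != 2 || part[2] !~ /^[0-9]+$/ || part[2] + 0 > max) {
                print "INVALID", id; next
            }
            print ((part[2] + 0 < min) ? "BROAD" : "OK"), id
        }'
}

# count_verdict VERDICT: number of audited entries on stdin with that verdict.
count_verdict() { grep -c "^$1 " || true; }

sample_listing | audit_zone_listing 16 48
```

BROAD and HOSTNAME lines are review prompts rather than errors; run the audit before and after any `add` or `trust` change and compare the results.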
    
    
