Code Block
[root@lgaetzdev2 ~]# fwconsole firewall --help
______                   ______ ______ __   __
|  ___|                  | ___ \| ___ \\ \ / /
| |_    _ __   ___   ___ | |_/ /| |_/ / \ V /
|  _|  | '__| / _ \ / _ \|  __/ | ___ \ /   \
| |    | |   |  __/|  __/| |    | |_/ // /^\ \
\_|    |_|    \___| \___|\_|    \____/ \/   \/
 
Usage:
  firewall [options] [--] <cmd> [<opt>] [<ids>]...
 
Arguments:
  cmd                   Command to run (see --help)
  opt                   Optional parameter
  ids                   IDs to add or remove from a zone
 
Options:
  -f, --force           Force Add/Removal of entry
  -h, --help            Display this help message
  -q, --quiet           Do not output any message
  -V, --version         Display this application version
      --ansi            Force ANSI output
      --no-ansi         Disable ANSI output
  -n, --no-interaction  Do not ask any interactive question
  -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug
 
Help:
  Valid Commands:
  disable : Disable the System Firewall. This will shut it down cleanly.
  stop : Stop the System Firewall
  start : Start (and enable, if disabled) the System Firewall
  restart : Restart the System Firewall
  lerules [enable] or [disable] : Enable or disable Lets Encrypt rules.
  trust : Add the hostname or IP specified to the Trusted Zone
  untrust : Remove the hostname or IP specified from the Trusted Zone
  list [zone] : List all entries in zone 'zone'
  add [zone] [id id id..] : Add to 'zone' the IDs provided.
  del [zone] [id id id..] : Delete from 'zone' the IDs provided.
  fix_custom_rules : Create the files for the custom rules if they don't exist and set the permissions and owners correctly.
  When adding or deleting from a zone, one or many IDs may be provided.
  These may be IP addresses, hostnames, or networks.
  For example:
 
  fwconsole firewall add trusted 10.46.80.0/24 hostname.example.com 1.2.3.4

 

Firewall commands and usage examples:

  • disable - Disables the FreePBX Firewall module, stops the service, and immediately flushes all iptables rules. Disable differs from stop in that the module stays disabled after a reboot. Note that there is no corresponding enable command; use start instead.

    Example

    Code Block
    # fwconsole firewall disable

     

  • stop - Temporarily stops the FreePBX Firewall until it is manually started or until the PBX is booted. All existing iptables rules are immediately flushed.

    Example

    Code Block
    # fwconsole firewall stop

  • start - Starts the FreePBX Firewall, enabling it first if necessary.

    Example

    Code Block
    # fwconsole firewall start
    Enabling Firewall.
     
    Broadcast message from <fqdn redacted> (Wed Apr 13 11:02:22 2016):
    Firewall service now starting.
  • restart - Stops the service if it is running and starts it again.

    Code Block
    # fwconsole firewall restart
    Enabling Firewall.
  • lerules - Enables or disables the Let's Encrypt rules that allow inbound LE validation on port 80.

    Code Block
    # fwconsole firewall lerules enable
    Lets Encrypt rules enabled successfully. Restarting Firewall...
    # fwconsole firewall lerules disable
    Lets Encrypt rules disabled successfully. Restarting Firewall...
  • trust - Adds a host to the list of trusted networks shown on the zones, networks page.

    Examples

    Code Block
    # fwconsole firewall trust www.google.com
    Attempting to add www.google.com to Trusted Zone
    Success. Entry added to Trusted Zone.
      
    # fwconsole firewall trust 192.168.0.1/24
    Attempting to add 192.168.0.1/24 to Trusted Zone
    Success. Entry added to Trusted Zone.

     

  • untrust - Removes a host (if present) from the list of trusted networks shown on the zones, networks page.

    Examples

    Code Block
    # fwconsole firewall untrust www.google.com
    Attempting to remove www.google.com from Trusted Zone
    Success. Entry removed from Trusted Zone.
     
    # fwconsole firewall untrust 192.168.0.1/24
    Attempting to remove 192.168.0.1/24 from Trusted Zone
    Success. Entry removed from Trusted Zone.
  • list - Lists all hosts for a specified zone. Acceptable zones are external, other, internal, trusted, and blacklist.

    Examples

    Code Block
    [root@lgaetzdev2 ~]# fwconsole firewall list blacklist
    All blacklisted entries.
            8.8.8.8
            google.com: (Resolves to 216.58.219.206)
      
    [root@lgaetzdev2 ~]# fwconsole firewall list trusted
    All entries in zone 'trusted':
            192.168.0.0/16
            172.16.0.0/12
            10.0.0.0/8
            fc00::/8
            fd00::/8
            127.0.0.1/32
  • add - Adds host(s) to the specified zone. Acceptable zones are external, other, internal, trusted, and blacklist. Separate multiple hosts with spaces.

    Examples

    Code Block
    [root@lgaetzdev2 ~]# fwconsole firewall add blacklist example.com 192.168.15.0/24
    Attempting to add 'example.com' to Blacklist ... Success!
    Attempting to add '192.168.15.0/24' to Blacklist ... Success!
     
    [root@lgaetzdev2 ~]# fwconsole firewall add other 192.168.75.0/24
    Attempting to add '192.168.75.0/24' to Zone 'other' ... Success!
  • del - Deletes host(s) from the specified zone. Acceptable zones are external, other, internal, trusted, and blacklist. Separate multiple hosts with spaces.

    Examples

    Code Block
    [root@lgaetzdev2 ~]# fwconsole firewall list other
    All entries in zone 'other':
            192.168.75.0/24
     
    [root@lgaetzdev2 ~]# fwconsole firewall del other 192.168.75.0/24
    Attempting to remove 192.168.75.0/24 from 'other' Zone ... Success!
     
    [root@lgaetzdev2 ~]# fwconsole firewall list other
    All entries in zone 'other':