Firewall Command Line
Starting with FreePBX Firewall version 13.0.23.1 (with additional options added in ver. 13.0.43.1), the FreePBX Firewall has the following command line controls:
For help, use: fwconsole firewall --help
Help
[root@lgaetzdev2 ~]# fwconsole firewall --help
______ ______ ______ __ __
| ___| | ___ \| ___ \\ \ / /
| |_ _ __ ___ ___ | |_/ /| |_/ / \ V /
| _| | '__| / _ \ / _ \| __/ | ___ \ / \
| | | | | __/| __/| | | |_/ // /^\ \
\_| |_| \___| \___|\_| \____/ \/ \/
Usage:
firewall [options] [--] <cmd> [<opt>] [<ids>]...
Arguments:
cmd Command to run (see --help)
opt Optional parameter
ids IDs to add or remove from a zone
Options:
-f, --force Force Add/Removal of entry
-h, --help Display this help message
-q, --quiet Do not output any message
-V, --version Display this application version
--ansi Force ANSI output
--no-ansi Disable ANSI output
-n, --no-interaction Do not ask any interactive question
-v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug
Help:
Valid Commands:
disable : Disable the System Firewall. This will shut it down cleanly.
stop : Stop the System Firewall
start : Start (and enable, if disabled) the System Firewall
restart : Restart the System Firewall
lerules [enable] or [disable] : Enable or disable Lets Encrypt rules.
trust : Add the hostname or IP specified to the Trusted Zone
untrust : Remove the hostname or IP specified from the Trusted Zone
list [zone] : List all entries in zone 'zone'
add [zone] [id id id..] : Add to 'zone' the IDs provided.
del [zone] [id id id..] : Delete from 'zone' the IDs provided.
fix_custom_rules : Create the files for the custom rules if they don't exist and set the permissions and owners correctly.
When adding or deleting from a zone, one or many IDs may be provided.
These may be IP addresses, hostnames, or networks.
For example:
fwconsole firewall add trusted 10.46.80.0/24 hostname.example.com 1.2.3.4
Firewall commands and usage examples:
disable - This disables the FreePBX Firewall module, stops the service, and immediately flushes all iptables rules. Disable differs from stop in that the module stays disabled after a reboot. Note that there is no corresponding enable command; use start instead.
Example
# fwconsole firewall disable
stop - This temporarily stops the FreePBX Firewall until it is manually started or until the PBX is rebooted. All existing iptables rules are immediately flushed.
Example
# fwconsole firewall stop
start - This starts the FreePBX Firewall, enabling it first if necessary.
Example
restart - Stops the service if it is running, then starts it again.
lerules - Enables or disables the Let's Encrypt rules that allow inbound LE validation on port 80.
trust - Adds a host to the list of trusted networks shown on the Zones, Networks page.
Examples
untrust - Removes a host (if present) from the list of trusted networks shown on the Zones, Networks page.
Examples
list - Lists all hosts for a specified zone. Acceptable zones are external, other, internal, trusted, and blacklist.
Examples
add - Adds host(s) to the specified zone. Acceptable zones are external, other, internal, trusted, and blacklist. Separate multiple hosts with spaces.
Examples
del - Deletes host(s) from the specified zone. Acceptable zones are external, other, internal, trusted, and blacklist. Separate multiple hosts with spaces.
Examples
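A pre-check for the IDs passed to the add and trust commands described above, as an added example that is not part of the FreePBX documentation or code: it rejects malformed IPv4 addresses, malformed hostnames, and networks wider than a local policy limit, then prints the fwconsole firewall add trusted command for review instead of running it. The function names and MIN_PREFIX (default /24) are assumptions of this example, and IPv6 IDs are not handled.

```shell
#!/bin/sh
# Added example, not FreePBX code. MIN_PREFIX is an assumed local policy:
# the widest IPv4 network this wrapper will allow into the Trusted Zone.
MIN_PREFIX=${MIN_PREFIX:-24}

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    rest=$1.; n=0
    while [ -n "$rest" ]; do
        o=${rest%%.*}; rest=${rest#*.}; n=$((n + 1))
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# vet_id ID: print host, network or hostname for an acceptable ID;
# explain on stderr and fail for anything else (IPv6 is out of scope here).
vet_id() {
    case $1 in
        */*)
            addr=${1%/*}; prefix=${1##*/}
            is_ipv4 "$addr" || { echo "reject $1: bad network address" >&2; return 1; }
            case $prefix in ''|*[!0-9]*|???*) echo "reject $1: bad prefix" >&2; return 1 ;; esac
            [ "$prefix" -le 32 ] || { echo "reject $1: bad prefix" >&2; return 1; }
            [ "$prefix" -ge "$MIN_PREFIX" ] || { echo "reject $1: wider than /$MIN_PREFIX" >&2; return 1; }
            echo network ;;
        *[!0-9.]*)
            case $1 in *[!A-Za-z0-9.-]*|[-.]*|*..*|*[-.])
                echo "reject $1: not a hostname" >&2; return 1 ;;
            esac
            echo hostname ;;
        *)
            is_ipv4 "$1" || { echo "reject $1: bad IPv4 address" >&2; return 1; }
            echo host ;;
    esac
}

# build_add_cmd ID...: print the fwconsole command only if every ID passes.
build_add_cmd() {
    [ $# -gt 0 ] || return 1
    for cand in "$@"; do
        vet_id "$cand" >/dev/null || return 1
    done
    echo "fwconsole firewall add trusted $*"
}

# Demo with the IDs from the help text above; nothing is executed, only printed.
build_add_cmd 10.46.80.0/24 hostname.example.com 1.2.3.4
```

Run with MIN_PREFIX=16 (or another value) in the environment to apply a different width limit.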