Firewall Command Line

Starting with FreePBX Firewall version 13.0.23.1 (with additional options added in ver. 13.0.43.1), the FreePBX Firewall has the following command line controls:

For help, use: fwconsole firewall --help

Help

    [root@lgaetzdev2 ~]# fwconsole firewall --help
    ______                   ______ ______ __   __
    |  ___|                  | ___ \| ___ \\ \ / /
    | |_    _ __   ___   ___ | |_/ /| |_/ / \ V /
    |  _|  | '__| / _ \ / _ \|  __/ | ___ \ /   \
    | |    | |   |  __/|  __/| |    | |_/ // /^\ \
    \_|    |_|    \___| \___|\_|    \____/ \/   \/

    Usage:
      firewall [options] [--] <cmd> [<opt>] [<ids>]...

    Arguments:
      cmd                   Command to run (see --help)
      opt                   Optional parameter
      ids                   IDs to add or remove from a zone

    Options:
      -f, --force           Force Add/Removal of entry
      -h, --help            Display this help message
      -q, --quiet           Do not output any message
      -V, --version         Display this application version
          --ansi            Force ANSI output
          --no-ansi         Disable ANSI output
      -n, --no-interaction  Do not ask any interactive question
      -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

    Help:
      Valid Commands:
      disable : Disable the System Firewall. This will shut it down cleanly.
      stop : Stop the System Firewall
      start : Start (and enable, if disabled) the System Firewall
      restart : Restart the System Firewall
      lerules [enable] or [disable] : Enable or disable Lets Encrypt rules.
      trust : Add the hostname or IP specified to the Trusted Zone
      untrust : Remove the hostname or IP specified from the Trusted Zone
      list [zone] : List all entries in zone 'zone'
      add [zone] [id id id..] : Add to 'zone' the IDs provided.
      del [zone] [id id id..] : Delete from 'zone' the IDs provided.
      fix_custom_rules : Create the files for the custom rules if they don't exist and set the permissions and owners correctly.
      When adding or deleting from a zone, one or many IDs may be provided.
      These may be IP addresses, hostnames, or networks.
      For example:
        fwconsole firewall add trusted 10.46.80.0/24 hostname.example.com 1.2.3.4

Firewall commands and usage examples:

  • disable - This disables the FreePBX Firewall module, stops the service, and immediately flushes all iptables rules. Disable differs from stop in that the module stays disabled after a reboot. Note that there is no corresponding enable command; use start instead.

    Example

    # fwconsole firewall disable

     

  • stop - This temporarily stops the FreePBX Firewall until it is manually started or until the PBX is booted. All existing iptables rules are immediately flushed.

    Example

    # fwconsole firewall stop

     

  • start - This starts the FreePBX Firewall, enabling it first if necessary.

    Example

  • restart - Stops the service if it is running and starts it again.

  • lerules - Enables or disables the Let's Encrypt rules that allow inbound LE validation on port 80.

  • trust - Adds a host to the list of trusted networks shown on the zones, networks page

    Examples

     

  • untrust - Removes a host (if present) from the list of trusted networks shown on the zones, networks page

    Examples

  • list - Lists all hosts for a specified zone. Acceptable zones are external, other, internal, trusted, and blacklist.

    Examples

  • add - Adds host(s) to the specified zone. Acceptable zones are external, other, internal, trusted, and blacklist. Separate multiple hosts with spaces.

    Examples

  • del - Deletes host(s) from the specified zone. Acceptable zones are external, other, internal, trusted, and blacklist. Separate multiple hosts with spaces.

    Examples
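
The add and del syntax described above, wrapped in a dry-run helper as an added example (not part of the FreePBX documentation or the Firewall module). It checks the zone against the five zones listed on this page and rejects any ID that is not an IPv4 address, IPv4 network or hostname, including anything starting with "-" that would otherwise be parsed as an option such as --force. The names fw_zone, valid_zone, valid_id and FW_APPLY are invented for this sketch, and IPv6 is not handled.

```shell
#!/bin/sh
# Added example, not FreePBX code. fw_zone, valid_zone, valid_id and FW_APPLY
# are names invented here. Default is a dry run; FW_APPLY=1 runs fwconsole.

ZONES="external other internal trusted blacklist"   # zones listed on this page

valid_zone() {
    for z in $ZONES; do
        [ "$1" = "$z" ] && return 0
    done
    return 1
}

# Accept an IPv4 address, an IPv4 network (CIDR) or a hostname; reject the rest.
# A leading "-" never matches, so an ID cannot be read as an option.
valid_id() {
    v=$1
    if printf '%s\n' "$v" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
        case $v in */*) [ "${v#*/}" -le 32 ] || return 1 ;; esac
        for octet in $(printf '%s\n' "${v%/*}" | tr '.' ' '); do
            [ "$octet" -le 255 ] || return 1
        done
        return 0
    fi
    label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
    printf '%s\n' "$v" | grep -Eq "^$label(\.$label)*\$"
}

# fw_zone add|del ZONE ID [ID...]
fw_zone() {
    [ $# -ge 3 ] || { echo "usage: fw_zone add|del ZONE ID..." >&2; return 2; }
    action=$1 zone=$2
    shift 2
    case $action in add|del) ;; *) echo "bad action: $action" >&2; return 2 ;; esac
    valid_zone "$zone" || { echo "unknown zone: $zone" >&2; return 2; }
    for id in "$@"; do
        valid_id "$id" || { echo "rejected ID: $id" >&2; return 1; }
    done
    if [ "${FW_APPLY:-0}" = 1 ]; then
        fwconsole firewall "$action" "$zone" "$@"
    else
        echo "fwconsole firewall $action $zone $*"
    fi
}
```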
