
Starting with FreePBX Firewall version 13.0.23.1 (with additional options added in ver. 13.0.43.1), the FreePBX Firewall has the following command line controls:

For help, use: fwconsole firewall --help

Help
[root@lgaetzdev2 ~]# fwconsole firewall --help
 ______             _____  ______   __
|  ____|           |  __ \|  _ \ \ / /
| |__ _ __ ___  ___| |__) | |_) \ V /
|  __| '__/ _ \/ _ \  ___/|  _ < > <
| |  | | |  __/  __/ |    | |_) / . \
|_|  |_|  \___|\___|_|    |____/_/ \_\
Usage:
 firewall [-f|--force] [-h|--help] cmd [opt] [ids1] ... [idsN]
Arguments:
 cmd                   Command to run (see --help)
 opt                   Optional parameter
 ids                   IDs to add or remove from a zone
Options:
 --force (-f)          Force Add/Removal of entry
 --help (-h)           Display this help message
 --quiet (-q)          Do not output any message
 --verbose (-v|vv|vvv) Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug
 --version (-V)        Display this application version
 --ansi                Force ANSI output
 --no-ansi             Disable ANSI output
 --no-interaction (-n) Do not ask any interactive question
Help:
 Valid Commands:
 disable : Disable the System Firewall. This will shut it down cleanly.
 stop : Stop the System Firewall
 start : Start (and enable, if disabled) the System Firewall
 trust : Add the hostname or IP specified to the Trusted Zone
 untrust : Remove the hostname or IP specified from the Trusted Zone
 list [zone] : List all entries in zone 'zone'
 add [zone] [id id id..] : Add to 'zone' the IDs provided.
 del [zone] [id id id..] : Delete from 'zone' the IDs provided.
 When adding or deleting from a zone, one or many IDs may be provided.
 These may be IP addresses, hostnames, or networks.
 For example:
 fwconsole firewall add trusted 10.46.80.0/24 hostname.example.com 1.2.3.4

 

Firewall commands and usage examples:

  • disable - This disables the FreePBX Firewall module, stops the service, and immediately flushes all iptables rules. Disable differs from stop in that the module stays disabled after a reboot. Note that there is no corresponding enable command; use start instead.

    Example
    # fwconsole firewall disable

     

  • stop - This temporarily stops the FreePBX Firewall until it is manually started or until the PBX is booted. All existing iptables rules are immediately flushed.

    Example
    # fwconsole firewall stop

     

  • start - This starts the FreePBX Firewall, enabling it first if necessary.

    Example
    # fwconsole firewall start
    Enabling Firewall.
    
    Broadcast message from <fqdn redacted> (Wed Apr 13 11:02:22 2016):
    Firewall service now starting.
  • trust - Adds a host to the list of trusted networks shown on the zones, networks page

    Examples
    # fwconsole firewall trust www.google.com
    Attempting to add www.google.com to Trusted Zone
    Success. Entry added to Trusted Zone.
     
    # fwconsole firewall trust 192.168.0.1/24
    Attempting to add 192.168.0.1/24 to Trusted Zone
    Success. Entry added to Trusted Zone.

     

  • untrust - Removes a host (if present) from the list of trusted networks shown on the zones, networks page

    Examples
    # fwconsole firewall untrust www.google.com
    Attempting to remove www.google.com from Trusted Zone
    Success. Entry removed from Trusted Zone.
    
    # fwconsole firewall untrust 192.168.0.1/24
    Attempting to remove 192.168.0.1/24 from Trusted Zone
    Success. Entry removed from Trusted Zone.
  • list - Lists all hosts for a specified zone. Acceptable zones are external, other, internal, trusted, and blacklist.

    Examples
    [root@lgaetzdev2 ~]# fwconsole firewall list blacklist
    All blacklisted entries.
            8.8.8.8
            google.com: (Resolves to 216.58.219.206)
     
    [root@lgaetzdev2 ~]# fwconsole firewall list trusted
    All entries in zone 'trusted':
            192.168.0.0/16
            172.16.0.0/12
            10.0.0.0/8
            fc00::/8
            fd00::/8
            127.0.0.1/32
  • add - Adds host(s) to the specified zone. Acceptable zones are external, other, internal, trusted, and blacklist. Separate multiple hosts with spaces.

    Examples
    [root@lgaetzdev2 ~]# fwconsole firewall add blacklist example.com 192.168.15.0/24
    Attempting to add 'example.com' to Blacklist ... Success!
    Attempting to add '192.168.15.0/24' to Blacklist ... Success!
    
    [root@lgaetzdev2 ~]# fwconsole firewall add other 192.168.75.0/24
    Attempting to add '192.168.75.0/24' to Zone 'other' ... Success!
  • del - Deletes host(s) from the specified zone. Acceptable zones are external, other, internal, trusted, and blacklist. Separate multiple hosts with spaces.

    Examples
    [root@lgaetzdev2 ~]# fwconsole firewall list other
    All entries in zone 'other':
            192.168.75.0/24
    
    [root@lgaetzdev2 ~]# fwconsole firewall del other 192.168.75.0/24
    Attempting to remove 192.168.75.0/24 from 'other' Zone ... Success!
    
    [root@lgaetzdev2 ~]# fwconsole firewall list other
    All entries in zone 'other':
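
An added example, not part of the FreePBX documentation or code: a dry-run helper that compares the output of list with a reviewed allowlist file and prints the del and add commands needed to reconcile the zone. It assumes the list layout shown above, including the ": (Resolves to ...)" suffix that the blacklist example shows for hostnames; the allowlist file format and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not FreePBX code): print the add/del commands that would bring
# a zone in line with a reviewed allowlist file. Nothing is executed.

# Constructed sample of `fwconsole firewall list trusted` output, following the
# layout shown on this page (header line, then one indented entry per line).
sample_trusted_list() {
    cat <<'EOF'
All entries in zone 'trusted':
        192.168.0.0/16
        10.0.0.0/8
        fd00::/8
        vendor.example.com: (Resolves to 203.0.113.10)
EOF
}

# Reduce list output (stdin) to bare IDs: drop the header and blank lines,
# strip indentation and the ": (Resolves to ...)" suffix shown for hostnames.
parse_zone_list() {
    sed -e 's/^[[:space:]]*//' -e '/^$/d' -e '/^All /d' \
        -e 's/: (Resolves to .*$//' -e 's/[[:space:]]*$//' | LC_ALL=C sort -u
}

# plan_zone_sync ZONE ALLOWLIST_FILE   (current list output on stdin)
# ALLOWLIST_FILE (hypothetical) has one ID per line; '#' starts a comment.
plan_zone_sync() {
    zone=$1
    tmp=$(mktemp -d) || return 1
    parse_zone_list > "$tmp/current"
    sed -e 's/#.*$//' -e 's/[[:space:]]//g' -e '/^$/d' "$2" |
        LC_ALL=C sort -u > "$tmp/wanted"
    # comm -23: only in the zone today (remove); comm -13: only in the allowlist (add)
    to_del=$(LC_ALL=C comm -23 "$tmp/current" "$tmp/wanted" | tr '\n' ' ')
    to_add=$(LC_ALL=C comm -13 "$tmp/current" "$tmp/wanted" | tr '\n' ' ')
    rm -rf "$tmp"
    if [ -n "$to_del" ]; then echo "fwconsole firewall del $zone ${to_del% }"; fi
    if [ -n "$to_add" ]; then echo "fwconsole firewall add $zone ${to_add% }"; fi
}
```

On a live system, pipe `fwconsole firewall list trusted` into `plan_zone_sync trusted <allowlist file>` and review the printed commands before running them.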
    
    
