FreePBX
  1. FreePBX

firewall

Public

Network

 
AuthorCommitMessageCommit Date
Kapil GuptaKapil Gupta
7b5c97a9fc3MMerge pull request #115 in FREEPBX/firewall from ~YOIS/firewall-fix:bugfix/FREEPBX-22561 to firewall-improvements * commit '4a17154b9c3c7a4a2bc1b5d47f97c4552e4e8cfa': FREEPBX-22561 dynamic-jails array_search error
YoisYois
4a17154b9c3FREEPBX-22561 dynamic-jails array_search error For action unbanip, there's code to change out2 variable from array to string. This is both unnecessary and causes an error. This commit removes the problem code and properly searches fail2ban status results to ensure that the ip to be unbanned is already in the list.
Kapil GuptaKapil Gupta
db3f3ba9fe5MMerge pull request #113 in FREEPBX/firewall from ~YOIS/firewall-fix:bugfix/FREEPBX-22563 to firewall-improvements * commit '3c6c90a15c4032c7f67d8bb1498e2ed1c2c7b39b': FREEPBX-22563 Resolve security issues FREEPBX-22563 Display Fail2Ban blocks on Attacks page
YoisYois
3c6c90a15c4FREEPBX-22563 Resolve security issues *Retreiving data from the hook via the database requires loading FreePBX as root, which is not advised. This commit writes to a file instead *Handle AJAX errors *Validate that unblock is actually an IP address to prevent arbitrary code execution as root
YoisYois
2022032bbdeFREEPBX-22563 Display Fail2Ban blocks on Attacks page When the Sysadmin module is not activated, IP addresses blocked by Fail2Ban are not able to be manipulated within the GUI. The RFW seems to have been designed to work without Fail2Ban in the way. This commit will add the ability to view and unban IP addresses that have been blocked by the Fail2Ban asterisk-iptables jail when Sysadmin has not been activated. If Sysadmin is active, the proper place to control this is from the Intrusion D...
Kapil GuptaKapil Gupta
bda03225e8bMMerge pull request #114 in FREEPBX/firewall from ~YOIS/firewall-fix:bugfix/FREEPBX-22562 to firewall-improvements * commit 'e7944028452b672f153551c85023af5467508ef9': FREEPBX-22562 Prepare for Fail2Ban 0.11.1
YoisYois
e7944028452FREEPBX-22562 Prepare for Fail2Ban 0.11.1 In the process of upgrading to Fail2Ban 0.11.1 some code changes need to be made so that FreePBX can interact with it
Kapil GuptaKapil Gupta
45191c715c7MMerge pull request #112 in FREEPBX/firewall from ~YOIS/firewall-fix:bugfix/FREEI-3321 to firewall-improvements * commit '98fc71ba0d21347c0671e500ab057530f61e5e0b': FREEPBX-22543 Backup and restore fail2ban iptables
YoisYois
98fc71ba0d2FREEPBX-22543 Backup and restore fail2ban iptables When the firewall starts, iptables chains are removed (firewall.php line 128). This also removes fail2ban chains. This commit will backup existing fail2ban rules before cleaning iptables, and restore those rules before loading the rest of the FreePBX chains.
Kapil GuptaKapil Gupta
c5cd8dafd83[Module Tag script: firewall 16.0.35]
Kapil GuptaKapil Gupta
9a206a7ae1d[Module Tag script: firewall 16.0.34]
Kapil GuptaKapil Gupta
6c0ff8d9238[Module Tag script: firewall 16.0.34]
Kapil GuptaKapil Gupta
4ff16fe2ba2[Module Tag script: firewall 16.0.33]
Kapil GuptaKapil Gupta
82c6d83af7a[Module Tag script: firewall 16.0.32]
Kapil GuptaKapil Gupta
0639707bd68rebuilding voipfirewalld
Kapil GuptaKapil Gupta
cc069ea2ab0MMerge remote-tracking branch 'origin/release/15.0' into release/16.0 Conflicts: hooks/voipfirewalld
Kapil GuptaKapil Gupta
b403495249d[Module Tag script: firewall 15.0.8.24]
Kapil GuptaKapil Gupta
18076bccdaarebuilding voipfirewalld
Kapil GuptaKapil Gupta
1197d793c83[Module Tag script: firewall 15.0.8.23]
Kapil GuptaKapil Gupta
6f6e4248aa2rebuilding voipfirewalld
Kapil GuptaKapil Gupta
63be2a3cc55[Module Tag script: firewall 15.0.8.22]
Kapil GuptaKapil Gupta
3cb6b1d602fRevert "FREEPBX-22513 Restart fail2ban after iptables flush" This reverts commit 017fc233abe046a19b7b87db13b42334ade0c344.
Kapil GuptaKapil Gupta
7edbfd3d235[Module Tag script: firewall 15.0.8.22] FREEPBX-22543
Kapil GuptaKapil Gupta
a37a08576e9MMerge pull request #110 in FREEPBX/firewall from ~YOIS/firewall-fix:bugfix/FREEI-3321 to release/15.0 * commit '017fc233abe046a19b7b87db13b42334ade0c344': FREEPBX-22513 Restart fail2ban after iptables flush
YoisYois
017fc233abeFREEPBX-22513 Restart fail2ban after iptables flush When the firewall starts, iptables chains are removed (firewall.php line 128). This also removes fail2ban chains. This commit will restart fail2ban after flushing iptables, forcing the recreation of the rules.
Kapil GuptaKapil Gupta
cc799b0204c[Module Tag script: firewall 15.0.8.21] FREEPBX-21095
Kapil GuptaKapil Gupta
659bee4f7e0MMerge branch 'master' of ssh://git.freepbx.org/freepbx/firewall into release/15.0
Franck DanardFranck Danard
6eb42c22d69FREEPBX-21095 Firewall does not use Asterisk SIP Settings RTP Range, can block RTP streams
Kapil GuptaKapil Gupta
42a5f9f3c5eRevert "FREEPBX-22513 Restart fail2ban after iptables flush" This reverts commit 36f1d852fda88263f968180224b1fd4fc406a4ca.
YoisYois
36f1d852fdaFREEPBX-22513 Restart fail2ban after iptables flush When the firewall starts, iptables chains are removed (firewall.php line 128). This also removes fail2ban chains. This commit will restart fail2ban after flushing iptables, forcing the recreation of the rules.
Kapil GuptaKapil Gupta
dd33bd57f13[Module Tag script: firewall 16.0.31] FREEPBX-21095
Kapil GuptaKapil Gupta
4a48dc32ce4MMerge branch 'master' of ssh://git.freepbx.org/freepbx/firewall into release/16.0
Franck DanardFranck Danard
8b2eb042083FREEPBX-21095 Firewall does not use Asterisk SIP Settings RTP Range, can block RTP streams
Kapil GuptaKapil Gupta
2d011ca36dd[Module Tag script: firewall 16.0.30] FREEPBX-22196 RFW Threshold settings UI fixes
Kapil GuptaKapil Gupta
d1610052118MMerge branch 'release/15.0' into release/16.0
Kapil GuptaKapil Gupta
f3ec2329401[Module Tag script: firewall 15.0.8.20] FREEPBX-22196 RFW Threshold settings UI fixes
Kapil GuptaKapil Gupta
fd94da602caMMerge pull request #108 in FREEPBX/firewall from ~YOIS/firewall-fix:SmartUICleanup to release/15.0 * commit 'a13691e587f193fd9771c544598d9ff640c4737c': FREEPBX-22196 RFW Threshold settings UI Fixes
YoisYois
a13691e587fFREEPBX-22196 RFW Threshold settings UI Fixes This commit addresses 2 changes in the RFW UI * The new tunable RFW threshold settings are expanded in the UI by default. This looks a little messy, and presents relatively advanced settings to the user, inviting them to play with these settings when they should really stay at default unless there's a problem. * The warning banner advising caution against modifying the tunable RFW settings is green, it should probably be yellow like a warning.
Kapil GuptaKapil Gupta
f6dcf0b3908[Module Tag script: firewall 16.0.29]
Kapil GuptaKapil Gupta
08a30426510rebuilding voipfirewalld
Kapil GuptaKapil Gupta
bbe7255afceMMerge remote-tracking branch 'origin/release/15.0' into release/16.0 Conflicts: hooks/voipfirewalld
Kapil GuptaKapil Gupta
9a38edf710a[Module Tag script: firewall 15.0.8.19]
Kapil GuptaKapil Gupta
a6de34c414drebuilding voipfirewalld
Kapil GuptaKapil Gupta
8a42b5679d8MMerge pull request #106 in FREEPBX/firewall from bugfix/FREEPBX-22453-rel15.0 to release/15.0 * commit '76e862741a357d6f5c7f902ef513618ecbaab658': FREEPBX-22453 Fail2Ban Bypass rebuilding voipfirewalld Fix Typo FREEPBX-22170 - Prevent false positives in RFW FREEPBX-22453 - Allow user to bypass Fail2Ban when RFW is enabled FREEPBX-18741 FREEPBX-19413
Kapil GuptaKapil Gupta
76e862741a3MMerge pull request #107 in FREEPBX/firewall from ~YOIS/firewall-fix:bugfix/FREEPBX-22453-rel15.0 to bugfix/FREEPBX-22453-rel15.0 * commit '15354079f64136c37b0e9be92577220ca0e1adb6': FREEPBX-22453 Fail2Ban Bypass
YoisYois
15354079f64FREEPBX-22453 Fail2Ban Bypass * When Fail2Ban Bypass is disabled reset asterisk-iptables jail * Remove unneeded comments
Kapil GuptaKapil Gupta
041667f0dcfrebuilding voipfirewalld
Kapil GuptaKapil Gupta
68e0cde55a5MMerge pull request #99 in FREEPBX/firewall from ~YOIS/firewall-fix:FREEPBX-18741 to bugfix/FREEPBX-22453-rel15.0 * commit '0c4572e0dcd6e4a74dbd9cfa0665372140d4d41b': FREEPBX-18741
YoisYois
0c4572e0dcdFREEPBX-18741 Include match entries for PJSIP trunks for whitelist in iptables in Responsive Firewall
Kapil GuptaKapil Gupta
096fc2f8d32MMerge pull request #92 in FREEPBX/firewall from ~YOIS/firewall-fix:master to bugfix/FREEPBX-22453-rel15.0 * commit '6e5fb144c166d42fad1e126ed4b9c33ab91e107a': FREEPBX-22170 - Prevent false positives in RFW