FreePBX Firewall Status

  • Have any of you noticed behavior like this? If you haven't, how often do you restart your FreePBX server and / or the firewall?

    1. In the FreePBX GUI, click Connectivity > Firewall > Status > Blocked Hosts.
    2. Page seems to take forever to load, if it loads at all, and your CPU load averages spike.

    I can usually replicate this, and it seems to happen if the FreePBX system (and resultant firewall) has been running for a few days without a restart. Today's instance has been running for a week. Since I couldn't list blocked attackers to unblock one of my users, I had to stop / start the firewall using fwconsole. Since restarting the firewall, that page is nice and snappy again.

  • We reboot at most once a week, unless there is specific manual work going on.

  • I ran top -n 10 > somefile a few times while I was waiting on the page, before deciding to just restart the firewall. I'll look and see if I see anything strange (as much as I can determine strange), and post results here in a few.

  • Well, live and learn. Looks like I needed to add -b to get useful output.

  • Yes, I run into this as well and it is really annoying. I do the same thing you do, restart the firewall.

  • Yeah, mine is the same as the OP.

  • All the time. I only know this from having to log in every time the firewall gets behind and blocks the remote phones using responsive firewall.

    I do think FreePBX is great, don't get me wrong. These are some of the reasons I still prefer a FreeSWITCH-based deployment and enforcing domains as part of authentication. Almost all attempts to brute force authenticate are dropped simply because they don't know the domain (realm) being used and they quickly give up.

    There is a lot more that I like over FreePBX in my current setup but that has more to do with trying to be a service provider.

    For a single installation my only gripe is the way the firewall works: how do people use Bria and roam around? That being said, they could close that gap at any moment and my only complaint would be the delicacy of updating systems or uploading the wrong format of an audio file. Which apparently only bigbear has ever had problems with. Lol.