How to configure the ViciBox 10 firewall with a dynamic IP list

Step-by-step guide to fixing and configuring the firewall in ViciBox 10 with the dynamic portal


  ViciBox 10 Firewall Challenge:

The recent release of ViciBox 10 (ViciBox_v10.x86_64-10.0.0.iso) has some bugs in the dynamic portal that affect the dynamic IP list and the public zone.

  Bugs/Issues

1. Dynamic IPs are added to the blackips IPSET list.

2. The public zone is missing the rules that allow the whiteips, whitenets and dynamiclist IP sets to reach the asterisk, apache2 and apache2-ssl services.

  Overview:

In this blog I will cover both the bug fixes and the configuration steps for the ViciBox 10 dynamic portal with the whitelist and the dynamic IP list.

VICIdial is an enterprise class, open source, contact center suite in use by many large call centers around the world. VICIdial has a full featured predictive dialer.  It is capable of inbound, outbound, and blended phone call handling. 

VICIbox Server is the official installation CD for the VICIDIAL Call Center Suite. It is based off of OpenSuSE server, and will properly install the VICIDIAL Call Center Suite with relative ease.

The ViciBox-Firewall is an integration of the underlying firewall in the OS, various features of ViciDial, and some add-on ViciBox features. This allows for the relatively easy administration of all network access to the various features of ViciDial. The firewall integration itself supports a Black list, a White list, and a Dynamic list with a user authentication portal.

  Firewalld/IPSET/nftables

The ViciBox 10 dynamic portal uses three major components:

1. IPSET

2. nftables

3. Firewalld

ipset is a companion application for the iptables Linux firewall. It allows you to set up rules to quickly and easily block a set of IP addresses, among other things.

nftables is a Linux packet classification framework that replaces the Netfilter infrastructure behind iptables, ip6tables, arptables, and ebtables.

firewalld is a zone-based firewall. Zone-based firewalls are network security systems that monitor traffic and take actions based on a set of defined rules applied against incoming/outgoing packets.

It is better to have some knowledge of these components, which helps with troubleshooting and with understanding how the ViciBox dynamic portal works.


  STEP 1: Fix the bug in the VB-firewall code.

SSH to the server, edit VB-firewall and replace IPBLACK with IPDYNAMIC at line 763:

vi +763 /usr/bin/VB-firewall

Change

doipnetslist(\@dynamicips, $IPBLACK, "X", "DynamicList");

to

doipnetslist(\@dynamicips, $IPDYNAMIC, "X", "DynamicList");

Or run the commands below to replace IPBLACK with IPDYNAMIC on that line:

cd /usr/bin/

sed -i '763s/IPBLACK/IPDYNAMIC/' VB-firewall

If you edited the file in vi, save the file.
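The sed command above changes nothing, and reports no error, if the call is not on line 763 of your copy. The following added example (not part of VB-firewall or of the original post) applies the same fix by matching the call itself, keeps a backup, and refuses to edit when the call is missing or ambiguous; the function name, the `.orig` backup suffix and the sample text are assumptions.

```python
import re
import shutil
from pathlib import Path

# The call quoted in Step 1, matched by content instead of by line number.
BUGGY_CALL = re.compile(r"(doipnetslist\(\s*\\@dynamicips\s*,\s*)\$IPBLACK\b")

# Constructed stand-in for the script (not the real VB-firewall source).
SAMPLE = (
    "# constructed sample\n"
    "other_call($IPBLACK);  # must stay untouched\n"
    'doipnetslist(\\@dynamicips, $IPBLACK, "X", "DynamicList");\n'
)


def patch_vb_firewall(path):
    """Fix the dynamic-list call; return (status, line_number or None)."""
    target = Path(path)
    text = target.read_text()
    hits = list(BUGGY_CALL.finditer(text))
    if len(hits) != 1:
        # 0 hits: already fixed or a different version; >1: ambiguous. Do not edit.
        return ("unchanged", None)
    line_no = text.count("\n", 0, hits[0].start()) + 1
    shutil.copy2(target, target.with_name(target.name + ".orig"))  # keep a backup
    target.write_text(BUGGY_CALL.sub(lambda m: m.group(1) + "$IPDYNAMIC", text))
    return ("patched", line_no)


if __name__ == "__main__":
    import tempfile
    copy = Path(tempfile.mkdtemp()) / "VB-firewall"
    copy.write_text(SAMPLE)
    print(patch_vb_firewall(copy))  # first run patches the sample
    print(patch_vb_firewall(copy))  # second run finds nothing left to change
```

On the server, call `patch_vb_firewall("/usr/bin/VB-firewall")` as root and check that the reported line number is the one you expect.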

  STEP 2: Add the missing Public zone rules.

Edit public.xml with the vi editor and add the lines below before the </zone> line:

vi /etc/firewalld/zones/public.xml

  <rule family="ipv4">
    <source ipset="whiteips"/>
    <service name="apache2"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source ipset="whitenets"/>
    <service name="apache2"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source ipset="dynamiclist"/>
    <service name="apache2"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source ipset="whiteips"/>
    <service name="apache2-ssl"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source ipset="whitenets"/>
    <service name="apache2-ssl"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source ipset="dynamiclist"/>
    <service name="apache2-ssl"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source ipset="whiteips"/>
    <service name="asterisk"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source ipset="whitenets"/>
    <service name="asterisk"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source ipset="dynamiclist"/>
    <service name="asterisk"/>
    <accept/>
  </rule>
</zone>

Save the file.

  STEP 3: Activate the IP list admin

Navigate to ADMIN > SYSTEM SETTINGS
Enable Allow IP List: 1
Submit

  STEP 4: Attach the Public zone to the interface.

Access your ViciBox through SSH, either with PuTTY or from the direct server console.

Type yast firewall

Navigate to INTERFACES and press Enter.

In the right-side pane, select your public interface and select Change Zone or press ALT+C to change the zone from Default to Public.

Once the Public zone is selected from the drop-down, select Accept or press ALT+A to save the configuration.


  STEP 5: Remove the default services from the Public zone and add the viciportal and viciportal-ssl services.

In the SSH console type
yast firewall
Select the Public zone in the list.

From the Allowed list, select the services below and select Remove or press ALT+e:
apache2
apache2-ssl
asterisk
dhcpv6-client

Next, from the Known services list, select the services below and press Add or ALT+d:

viciportal
viciportal-ssl

Finally, select Accept or press ALT+A to save the changes.

  STEP 6: Add VB-firewall to the crontab

Type crontab -e, go to the last lines and delete the entries below:

@reboot /usr/bin/VB-firewall --voipbl --noblack --quiet
0 */6 * * * /usr/bin/VB-firewall --voipbl --noblack --flush --quiet

Then add the entries below:

@reboot /usr/bin/VB-firewall --white --dynamic --quiet
* * * * * /usr/bin/VB-firewall --white --dynamic --quiet

Finally, reboot the server:

Type reboot.


  STEP 7: Test the dynamic portal

Access the ViciBox dynamic portal and authenticate to add your IP to the dynamic whitelist.

For HTTP:
http://vicibox-ip:81/valid8.php

For HTTPS:
https://vicibox-ip:446/valid8.php


  STEP 8: Commands to test the firewall, ipset and nftables

ipset --list - check that your IP is listed in the respective IP set

firewall-cmd --list-all - check the services and rules in the public zone

nft list table inet firewalld - list the nftables rules
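Steps 2 and 5 only restrict access when they hold together: every IP set needs an accept rule for each service, and those services must no longer be allowed for all sources in the zone. The following added example (not from the original post or from ViciBox) audits the text of public.xml for both conditions; the function name and the sample zone are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from itertools import product

IPSETS = ("whiteips", "whitenets", "dynamiclist")    # IP sets used in Step 2
RESTRICTED = ("apache2", "apache2-ssl", "asterisk")  # removed from the zone in Step 5
PORTAL = ("viciportal", "viciportal-ssl")            # added to the zone in Step 5

# Constructed zone file with deliberate gaps (not taken from a real server).
SAMPLE = """<zone>
  <service name="viciportal"/>
  <service name="asterisk"/>
  <rule family="ipv4">
    <source ipset="whiteips"/>
    <service name="apache2"/>
    <accept/>
  </rule>
</zone>"""


def audit_public_zone(xml_data):
    """Return a list of findings; an empty list means the zone matches the guide."""
    zone = ET.fromstring(xml_data)
    # <service> elements directly under <zone> are open to every source address.
    open_services = {s.get("name") for s in zone.findall("service")}
    # Rich rules that accept one service from one IP set.
    allowed = set()
    for rule in zone.findall("rule"):
        src, svc = rule.find("source"), rule.find("service")
        if src is not None and svc is not None and rule.find("accept") is not None:
            allowed.add((src.get("ipset"), svc.get("name")))
    findings = [f"{s} is open to all sources" for s in RESTRICTED if s in open_services]
    findings += [f"{s} is not allowed in the zone" for s in PORTAL if s not in open_services]
    findings += [f"no accept rule for ipset {i} on {s}"
                 for s, i in product(RESTRICTED, IPSETS) if (i, s) not in allowed]
    return findings


if __name__ == "__main__":
    # On the server: audit_public_zone(open("/etc/firewalld/zones/public.xml", "rb").read())
    for finding in audit_public_zone(SAMPLE):
        print(finding)
```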


3 Comments
  • gopi baskar April 4, 2022 at 9:18 AM

    How to configure Firewall in Vicibox 10 with dynamic portal

  • Unknown April 19, 2022 at 6:56 AM

    Hello can u plz tell me what is the query to save the file, i can't see what u r writing to save it.

    • gopi baskar April 19, 2022 at 9:36 AM

      if you are using vi editor then press ctrl+c and then :wq
