Skip to main content

Hotel Phone System (VoIP)

Hotel Phone System (VoIP) Hotel Phone System should be a must for most hoteels or motels, which has been using Analog Phone System(Analog PBX) in past decades.  There were some technical and financial issues if swifting to IP-PBX: 911 service IP-phone expensive than analog hotel phone Ethernet cable running Billing System Solution for replacement: e-911 are supported  VoIP gateway Sharing same Ethernet cable with IPTV A2billing Module for IP-PBX Therefore, you could  build a PBX  for hotels or motels if you are the owner  Analog VoIP Gateway For Hotel Phone System IP phone is recommended because many functions can work only on IP phone, but IP phone still expensive than analog hotel phone. Alternatively, hotels or motels can use VOIP gateway instead. In addtion, no need to run Ethernet cable. Software for For Hotel Phone System Issabel FreePBX FusionPBX You should consider Issabel or FreePBX first:Issabel with very friendly Web console and almost all modules are...

CentOS Firewall: firewalld commands

CentOS Firewall:  firewalld commands



I. Introduction

Centos7 and above releases have tried to bring firewalld firewall, firewalld to bring iptables firewall. The reason is that the firewall policy of iptables is handled by the netfilter network filter at the kernel level, while firewalld is handled by the nftables packet filtering framework at the kernel level. Compared with iptables firewall, firewalld supports dynamic update technology and adds the concept of zone. To put it simply, the area is that firewalld has prepared several sets of firewall policy sets (policy templates) in advance. Users can choose the appropriate policy set according to different production scenarios to achieve rapid switching between firewall policies.

Zone is a major feature for firewalld, but for us, Centos7 is generally on the server, and there is less need to switch zones, so this article will not introduce it. There are more online information. You can go to Baidu to find information.

2. Operation and configuration

1. Service Operation

Start the service:

systemctl start firewalld

There is no need to worry about being unable to remotely pass ssh after the firewall is enabled. By default, port 22 has a permission rule added.

Out of service:

systemctl stop firewalld

Restart the service:

systemctl restart firewalld

View service status:

systemctl status firewalld

2. Configuration file description

firewalld stores configuration files in two directories, /usr/lib/firewalldand the /etc/firewalldformer stores some default files, and the latter mainly stores user-defined data, so the services or rules we add are performed under the latter.

server Folders store service data, which is a set of defined rules.

zones Storage area rules

firewalld.conf The default configuration file, you can set the default zone, the default zone is public, corresponding to the zone public.xml

Three. Command

It should first be noted that, when executing the command, if there is no band --permanentparameter indicates the configuration take effect immediately, but not the configuration storage, equivalent to reboot the server will be lost. If you take will be configured to store the configuration file ,, but this is just the configuration to a file, but did not take effect, we need to execute firewall-cmd --reloadthe command reload configuration takes effect.

1. Overload firewall configuration

firewall-cmd --reload

2. Check the running status of the firewall

firewall-cmd --state

3. View the settings of the default area

firewall-cmd --list-all

4. Emergency order

firewall-cmd --panic-on  
firewall-cmd --panic-off 
firewall-cmd --query-panic

5. Service

firewall-cmd --add-service=<service name> 
firewall-cmd --remove-service=<service name> 

6. Port

firewall-cmd --add-port=<port>/<protocol> 
firewall-cmd --remove-port=<port>/<protocol> 
firewall-cmd --list-ports 

7. Protocol

firewall-cmd --add-protocol=<protocol> 
firewall-cmd --remove-protocol=<protocol> 
firewall-cmd --list-protocols 

8. Allow all traffic of the specified ip

firewall-cmd --add-rich-rule="rule family="ipv4" source address="<ip>" accept"

Example:

firewall-cmd --add-rich-rule="rule family="ipv4" source address="192.168.2.1" accept" 

9. Allow the specified protocol of the specified ip

firewall-cmd --add-rich-rule="rule family="ipv4" source address="<ip>" protocol value="<protocol>" accept"

Example:

firewall-cmd --add-rich-rule="rule family="ipv4" source address="192.168.2.208" protocol value="icmp" accept" 

10. Allow designated ip to access designated services

firewall-cmd --add-rich-rule="rule family="ipv4" source address="<ip>" service name="<service name>" accept"

Example:

firewall-cmd --add-rich-rule="rule family="ipv4" source address="192.168.2.208" service name="ssh" accept" 

11. Allow the specified ip to access the specified port

firewall-cmd --add-rich-rule="rule family="ipv4" source address="<ip>" port protocol="<port protocol>" port="<port>" accept"

Example:

firewall-cmd --add-rich-rule="rule family="ipv4" source address="192.168.2.1" port protocol="tcp" port="22" accept" 

12. Change the designated ip to the network segment

8-11 various commands support source addressto the network segment that this segment of the ip are adapting to this rule:

E.g:

firewall-cmd --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.2.0/24" port protocol="tcp" port="22" accept"

Indicates that hosts on the 192.168.2.0/24 network segment are allowed to access port 22.

13. It is forbidden to specify ip/net segment

8-12 each command, the acceptset rejectrejected, setting dropa direct discarded (connection timeout returns timeout)

E.g:

firewall-cmd --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.2.0/24" port protocol="tcp" port="22" reject"

Indicates that hosts on the 192.168.2.0/24 network segment are prohibited from accessing port 22.






Comments

Popular posts from this blog

FreePBX vs. FusionFBX

FreePBX vs. FusionFBX FreePBX vs FusionFBX has been being a topic for many years. Both FreePBX and FusionPBX are great projects, but two systems have different sources and architectures. Actually both are the Web-Gui developped from Asterisk and Freeswitch instead of command lines. FreePBX FreePBX  is developped from Asterisk on CentOS Linux, also support other Linux. FreeBPX provides free Distro disk. Most modules of FreePBX are free, but commercial modules need to pay. Some  PBX  projects were also developped from FreePBX, like  Trixbox, Elastix and PBX in a Flash . Pros: Free Distro. Based on CentOS Friendly Web-Gui Easy to use and configure Long History Wide Community  Support Support Arch Linux, Ubuntu, Debian, Raspbian Support both x86 and ARM CPU Good support for telephony hardware Cons: Not all modules are free, some commercial modules need to pay. Web-Gui uses much system resource. However, a powerful ARM-device like Raspberry Pi 4 might not have such p...

PBX on Chromebook

PBX on Chromebook PBX on chromebook works great! Especiall for the chromebook with x86 CPU.  Most IP-PBX are developed on x86 PC first. Linux distro also developed on  instruction sets of x86 CPU. Therefore, you’d better to choose an x86 PC or chromebooks for your first PBX server.   Google usually supports chromebooks about 5 years. Afterwards these chromebooks wouldn’t get the update on system, chrome browser and security. Lots of old chromebooks were dumped into 2nd-hand market every year. You could spend less than 50 dollar to get an used or refurbished chromebook from ebay, Amazon or bestbuy. However it will bring security issue if these old chromebooks wouldn’t get securty update from Google. Can we swipe off Chrome OS and install Linux, then modify it to a PBX server? The answer  depends on what chromebook on your hand.  In order to install linux on chromebook, you need to replace factory BIOS by customerized one. Go to  Mr.Chromebox.tech  ...

Get a free PBX?

Get a free PBX? Get a free PBX? Absolutely possible if you have some unused old PC, chromebook or ARM-device, but you need basic knowledge on computer and Linux. Free hardware: For a beginner, the cost on hardware might not be a problem because you could build a PBX on virtual machine like VMware or virtualbox. However VMware is not free product, so you can start with free virtualbox. Alternatively, you can use some old unused device or PC to have a try.  Asterisk and freepbx can works on below equipment. Old x86 PC with min. 512MB memory and at least 1GHz x86 CPU Chromebook or Chrombox: need to flash BIOS and boot from external USB drive ARM devices:  below devices were tested. Dockstar Pogolug GoFlex Home and Net Raspberry Pi:  Zero, 2, 3 and 4 Orange Pi: One, PC and PC2 Free software for a Free PBX: FreePBX AsteriskNOW Issabel FusionPBX (Freeswitch) PBXinAFlash OpenSIPs Kamailio OpenPBX 3CX (kind of free) As a beginning, FreePBX is recommended because it has friendly w...