CentOS Firewall: firewalld commands
I. Introduction
CentOS 7 and later releases ship with the firewalld firewall, which replaces the iptables firewall. The difference is that iptables policies are handled by the netfilter packet filter at the kernel level, while firewalld is handled by the nftables packet-filtering framework at the kernel level. Compared with iptables, firewalld supports dynamic updates and adds the concept of zones. Simply put, a zone is one of several firewall policy sets (policy templates) that firewalld prepares in advance; users pick the policy set that suits their production scenario, which allows rapid switching between firewall policies.
Zones are a major feature of firewalld, but since CentOS 7 is generally used on servers, where there is little need to switch zones, this article will not cover them. There is plenty of information online; you can search Baidu for it.
II. Operation and configuration
1. Service Operation
Start the service:
systemctl start firewalld
There is no need to worry about losing remote SSH access after the firewall is enabled: by default a rule permitting port 22 is already present.
Stop the service:
systemctl stop firewalld
Restart the service:
systemctl restart firewalld
View service status:
systemctl status firewalld
2. Configuration file description
firewalld keeps its configuration files in two directories: /usr/lib/firewalld holds the default (distribution-supplied) files, and /etc/firewalld holds user-defined data, so any services or rules we add go under the latter.
services: folder storing service definitions; each service is a named set of rules.
zones: stores the zone rules.
firewalld.conf: the default configuration file. It sets the default zone, which is public, corresponding to the zone file public.xml.
III. Commands
Note first that when a command is run without the --permanent parameter, the configuration takes effect immediately but is not saved, so it is lost when the server reboots. With --permanent the configuration is written to the configuration file but does not take effect at once; firewall-cmd --reload must be run to reload the configuration before it applies.
1. Reload the firewall configuration
firewall-cmd --reload
2. Check the running status of the firewall
firewall-cmd --state
3. View the settings of the default area
firewall-cmd --list-all
4. Emergency (panic) mode
firewall-cmd --panic-on
firewall-cmd --panic-off
firewall-cmd --query-panic
5. Service
firewall-cmd --add-service=<service name>
firewall-cmd --remove-service=<service name>
6. Port
firewall-cmd --add-port=<port>/<protocol>
firewall-cmd --remove-port=<port>/<protocol>
firewall-cmd --list-ports
7. Protocol
firewall-cmd --add-protocol=<protocol>
firewall-cmd --remove-protocol=<protocol>
firewall-cmd --list-protocols
8. Allow all traffic from the specified IP
firewall-cmd --add-rich-rule='rule family="ipv4" source address="<ip>" accept'
Example:
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.2.1" accept'
9. Allow the specified protocol from the specified IP
firewall-cmd --add-rich-rule='rule family="ipv4" source address="<ip>" protocol value="<protocol>" accept'
Example:
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.2.208" protocol value="icmp" accept'
10. Allow the specified IP to access the specified service
firewall-cmd --add-rich-rule='rule family="ipv4" source address="<ip>" service name="<service name>" accept'
Example:
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.2.208" service name="ssh" accept'
11. Allow the specified IP to access the specified port
firewall-cmd --add-rich-rule='rule family="ipv4" source address="<ip>" port protocol="<port protocol>" port="<port>" accept'
Example:
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.2.1" port protocol="tcp" port="22" accept'
12. Change the specified IP to a network segment
Each of the commands in 8-11 also accepts a network segment as the source address, so that every IP in that segment matches the rule:
Example:
firewall-cmd --zone=drop --add-rich-rule='rule family="ipv4" source address="192.168.2.0/24" port protocol="tcp" port="22" accept'
This means hosts on the 192.168.2.0/24 network segment are allowed to access port 22.
13. Deny a specified IP/network segment
In each of the commands in 8-12, replacing accept with reject rejects the traffic, while replacing it with drop silently discards it (the client's connection times out).
Example:
firewall-cmd --zone=drop --add-rich-rule='rule family="ipv4" source address="192.168.2.0/24" port protocol="tcp" port="22" reject'
This means hosts on the 192.168.2.0/24 network segment are prohibited from accessing port 22.
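The following script is an added example, not code from the original post. It ties together the --permanent/--reload note from the start of this section and the rich-rule commands in 8-13: it validates the source address (an IPv4 address or CIDR segment) and the action (accept, reject or drop), builds the rich rule as a single properly quoted argument so that no shell quoting mishap reaches firewalld, and then applies it permanently followed by a reload. The FIREWALL_CMD variable is an assumption of this example (set FIREWALL_CMD=echo to dry-run on a host without firewalld); the rules are added to the default zone, as in the commands above.

```shell
#!/bin/sh
# Added example, not from the original post. Builds correctly quoted firewalld
# rich rules (sections 8-13) and applies them with --permanent followed by
# --reload. FIREWALL_CMD is an assumed hook for this example: set it to "echo"
# to dry-run on a machine without firewalld.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# Check that $1 is a dotted-quad IPv4 address, optionally with a /prefix
# (constructed validation for this example; firewalld parses the rule as well).
valid_ipv4_source() {
    _src="$1"
    _addr="${_src%%/*}"
    if [ "$_addr" != "$_src" ]; then
        _prefix="${_src#*/}"
        case "$_prefix" in ''|*[!0-9]*) return 1 ;; esac
        [ "$_prefix" -le 32 ] || return 1
    fi
    # Reject empty addresses, leading/trailing dots and empty octets.
    case "$_addr" in ''|.*|*.|*..*) return 1 ;; esac
    _rest="$_addr"
    _octets=0
    while [ -n "$_rest" ]; do
        _o="${_rest%%.*}"
        if [ "$_o" = "$_rest" ]; then _rest=''; else _rest="${_rest#*.}"; fi
        case "$_o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
        _octets=$((_octets + 1))
    done
    [ "$_octets" -eq 4 ]
}

# Usage: build_rich_rule <ip-or-cidr> <accept|reject|drop> [service NAME | port PORT PROTO | protocol NAME]
# Prints the rich rule text (with the inner double quotes firewalld expects) on stdout.
build_rich_rule() {
    _src="$1"; _action="$2"; _kind="$3"
    valid_ipv4_source "$_src" || { echo "invalid source address: $_src" >&2; return 1; }
    case "$_action" in
        accept|reject|drop) ;;
        *) echo "invalid action: $_action (use accept, reject or drop)" >&2; return 1 ;;
    esac
    _rule="rule family=\"ipv4\" source address=\"$_src\""
    case "$_kind" in
        '') ;;                                                      # section 8: all traffic from the source
        protocol) _rule="$_rule protocol value=\"$4\"" ;;           # section 9
        service)  _rule="$_rule service name=\"$4\"" ;;             # section 10
        port)     _rule="$_rule port protocol=\"$5\" port=\"$4\"" ;; # section 11
        *) echo "invalid match kind: $_kind" >&2; return 1 ;;
    esac
    printf '%s\n' "$_rule $_action"
}

# Build the rule, store it in /etc/firewalld with --permanent, then reload so
# the stored configuration becomes the running configuration. Note that
# --reload discards any runtime-only rules added earlier without --permanent.
apply_rich_rule() {
    _rule=$(build_rich_rule "$@") || return 1
    "$FIREWALL_CMD" --permanent --add-rich-rule="$_rule" && "$FIREWALL_CMD" --reload
}
```

Source the file and call, for example, apply_rich_rule 192.168.2.0/24 accept port 22 tcp; run it once with FIREWALL_CMD=echo first to see the exact firewall-cmd invocations before touching the live configuration. Passing the whole rule as one argument is what makes the quoting unambiguous: the inner double quotes around ipv4, the address and the port are part of the rule text, not of the shell command line.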