How to – use Firewalld via command line

This short post is just going to briefly go over the more common commands you need in order to manage firewalld and make sure you keep your servers safe. This firewall works in conjunction with the dynamic portal for ViciDial as well as the built in whitelist initially named ViciWhite in the IP list area in Admin.

Systemctl and Firewalld

Enable firewalld

This makes sure that firewalld will be started automatically with the server.

systemctl enable firewalld

Start firewalld

After the firewalld service is enabled, you’ll need to start it manually the first time. This is how you would manually start firewalld if it were not already running.

systemctl start firewalld

Stop firewalld

When troubleshooting rules and connection issues, you may need to stop the fireawlld service momentarily. You can stop the service with the following command.

systemctl stop firewalld

Restart firewalld

If for some reason, you need to restart the service, you can do that with the systemctl restart command.

systemctl restart firewalld

Firewalld status

Checking the status of the service gives us the most meaningful and informative output. Here you can see whether the service is enabled, running, failed, or anything else.

systemctl status firewalld

In this example output, you can see that the service is enabled, active, and running on the server. If it were not running or in a failed state, this would be displayed.

[root@alma ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-01-22 22:50:32 EST; 1h 0min ago
Main PID: 808 (firewalld)
CGroup: /system.slice/firewalld.service
└─808 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Managing Firewalld and Configuring Rules

Now that we have firewalld running, we can get down to set the configuration. We can open ports, allow services, whitelist IPs for access, and more. In all of these examples, we include the –permanent flag. This is important to make sure a rule is saved even after you restart firewalld, or reboot the server. Once you’re done adding new rules, you need to reload the firewall to make the new rules active.

Add a Port for TCP or UDP

You do have to specify TCP or UDP and to open a port for both. You will need to add rules for each protocol.

firewall-cmd --permanent --add-port=22/TCP
firewall-cmd --permanent --add-port=53/UDP

Remove a Port for TCP or UDP

Using a slight variation on the above structure, you can remove a currently open port, effectively closing off that port.

firewall-cmd --permanent --remove-port=444/tcp

Add a Service

These services assume the default ports configured within the /etc/services configuration file; if you wish to use a service on a non-standard port, you will have to open the specific port, as in the example above.

firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-service=http

Remove a Service

As above, you specify the remove-service option, and you can close off the port that is defined for that service.

firewall-cmd --permanent --remove-service=mysql

Whitelist an IP Address

To whitelist or allow access from an IP or range of IPs, you can tell the firewall to add a trusted source.

firewall-cmd --permanent --add-source=192.168.1.100

You can also allow a range of IPs using what is called CIDR notation. CIDR is outside the scope of this article but is a shorthand that can be used for noting ranges of IP addresses.

firewall-cmd --permanent --add-source=192.168.1.0/24

Remove a Whitelisted IP Address

To remove a whitelisted IP or IP range, you can use the –remove-source option.

firewall-cmd --permanent --remove-source=192.168.1.100

Block an IP Address

As the firewall-cmd tool is mostly used for opening or allowing access, rich rules are needed to block an IP. Rich rules are similar in form to the way iptables rules are written.

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.100' reject"

You can again use CIDR notation also block a range of IP addresses.

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.0/24' reject"

Whitelist an IP Address for a Specific Port (More Rich Rules)

We have to reach back to iptables and create another rich rule; however, we are using the accept statement at the end to allow the IP access, rather than reject its access.

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="3306" accept'

Removing a Rich Rule

To remove a rich rule, use the option —remove-rich-rule, but you have to fully specify which rule is being removed, so it is best to copy and paste the full rule, rather than try to type it all out from memory.

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="3306" accept'

Saving Firewall Rules

After you have completed all the additions and subtraction of rules, you need to reload the firewall rules to make them active. To do this, you again use the firewall-cmd tool but using the option –reload.

firewall-cmd --reload

Viewing Firewall Rules

After reloading the rules, you can confirm if the new rules are in place correctly with the following.

firewall-cmd --list-all

Here is an example output from the –list-all option, you can see that this server has a number of ports, and services open in the firewall along with a rich rule (that forwards one port to another).

[root@alma ~]# firewall-cmd --list-all
public (default, active)
interfaces: enp1s0
sources: 192.168.1.0/24
services: dhcpv6-client dns http https mysql nfs samba smtp ssh
ports: 443/tcp 80/tcp 5900-5902/tcp 83/tcp 444/tcp 3260/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.1.0/24" forward-port port="5423" protocol="tcp" to-port="80"

---

Hopefully this will help a lot of you that end up just not using a firewall at all because it intimidates you not knowing how to use it correctly. Well, I’ve just eliminated that excuse, so now I want to see more of you securing your servers and dialer systems. Here is a few articles to get you started in the right direction.

How to – Secure Vicidial, correctly. Part 1

https://dialer.one/how-to-scratch-install-the-dynportal-on-centos/?amp

Here are some more articles in relation to VICIdial security for your servers

How to – Use the built in Dynamic Portal for Vicibox
How to – Turn on IP whitelist in Vicidial
How to – Use one dynamic portal for whitelisting and have it sync across an entire cluster
How to – Fix the firewall on Vicibox10

---

That’s it for this article, hopefully you guys take this serious because hackers, especially ransomware thieves are targeting dialer servers in particular for their schemes, such as using the VoIP to call their victims to either trick them into downloading files or threatening them over the phone with blackmail or other means. BazarCall is one of the more well known tools thats being used by the ransomware group called Ryuk.

Call Center Solutions For Every type of Business, based in the Cloud

_{^{Credit: Written By Sajid Ahmad}}

What is a cloud center cloud solution?

Call center cloud solutions are the new age way to keep people working mainly when COVID hit. its to replace the more commonly known on-premise locations and having to house equipment for placing and receiving calls. It has given the call center world basically no restrictions when it comes to location, people they want to hire that don’t live locally and so many more benefits that it just doesn’t make sense not to switch to a cloud based phone system such as CyburDial.

In this, the cloud call focus can use the innovation of cloud communication that shows up with coordinated and fundamental elements, for example, IVR to give that expert voice edge to your clients, a live board to see an unmistakable image of business calls, call directing for sending the right calls to the right divisions or specialists.

This multitude of advantages show up with a virtual number or a complementary number. There are different numbers planned behind a complementary number. It makes more straightforward to advance significant calls to the right specialists or divisions.

Aside from these fundamental highlights, complementary numbers assist clients with contacting the business clients.

In the current day’s electronic world, cloud call focus arrangement gives simple admittance to the administrations which are fundamental for business correspondence like fast availability, better effort, and quick client question redressal.

What are the advantages of a cloud call focus arrangement?

Cloud call focus arrangement collects the capability of a business to effort its clients with next to no geological limitations. As of not long ago, the old conventional framework used to give restricted client outreach choices that too with the adequate sum put resources into the establishment of the disconnected equipment.

Be that as it may, the cloud communication arrangement will provide your business with every one of the advantages of a call center, but without any burdens jor overhead that come with a physical location.

-:- Cloud Based Contact Center Solution -:-

Here are a few advantages that our cloud call focus arrangement will give your business and enable you to set up a cloud-based smaller than normal call community for your call taking care of:

1. More straightforward versatility:

Cloud call focus arrangement permits your business to scale and extend with no additional venture on cumbersome equipment. In situations where organizations need to add more specialists to the group or move to an alternate area or a nation out and out, Call center solutions on cloud focuses arrangements will not end up being oppressive.

2. Upgraded unwavering quality:

With quick cloud-based call center arrangements, your business can profit quickly while giving your clients the chance to have there goals met with almost zero wait time. Making them happy ends with you acquiring more clients via word of mouth w mean mmhich we all know it’s the best type of marketing on the planet.

3. Savvy module:

Setting up a contact center solution such as CyburDial is a way less feverish strategy than introducing massive on-premise equipment. It’s totally savvy on the grounds that your business can save that ridiculous amount you would normally spend on hardware for a local office and use it to put resources into the establishment and marketing for massive equipment.

4. First class security:

Cloud based contact center solutions offer more dependable information security as it is totally put away upheld in the cloud which empowers information encryption, ongoing administrator control, and server security with an intense firewall solution that totally locks down the system, but at the same time has something called the Dynamic portal which allows agents to authenticate their IP on the server in order to gain access. Tried approval is urgent with regards to the cloud call focus, in this way, it accompanies different security levels.

5. Insignificant margin time:

Customarily introduced equipment is inclined to separate in vital circumstances and normally takes more than an adequate measure of time in handling. In any case, with a cloud based contact center solution’ like CyburDial, it has immaterial personal time and guarantees no call misfortune for your business.

6. State-of-the-art framework mix:

Dissimilar to conventional equipment, cloud communication works with your clients to remain refreshed with current mechanical updates and enable your group to acquire the necessary computerization and improvement. Your business can then effectively overhaul and upgrade your contact center to be in-accordance with the ongoing TCPA changes and more importantly, to keep up with the times.

7. Execution investigation and information accessibility:

You can track, record and investigate the exhibition of your representatives with definite reports benefited by cloud based contact center. It is planned in a manner to furnish you with an easy to understand insight alongside thorough reports of recorded and convenient followed calls.

8. Business accessibility: 

Your business can undoubtedly guarantee 24*7 accessibility for your clients with a cloud-based call place arrangement. With customary equipment nonstop accessibility is hard to satisfy as it anticipates that the group should remain on the PC consistently. Consequently, with cloud innovation, progression in client care administration is altogether guaranteed by your business.

---

Hopefully this short article has given you some new insight and a better perspective on why you should change from those old bulky hard phones that take up room on your desk and switch to a system that works right on the computer you use all day anyways, or better yet, pull it up on your iPad, your iPhone, Android, tablet, surface or literally any smart device with a browser that you can think of, even your smart TV. Let’s leave the past and join the future, come join us as we revolutionize the telecommunications world by bringing in a solution that not only handles phone calls, but so much more and we can also integrate any CRM you already use to where they will communicate back and forth and sync your information across both platforms seamlessly. Oh, and one last thing i forgot to mention, CyburDial isn’t something you are going to rent from us or pay a ridiculous per seat charge($150+ per seat) like these other dialer systems(which we do have seat rentals available for startups if you prefer), but CyburDial is a custom built dialer system that you will own! That’s right, you buy the cloud based server which we will show you some options to pick from, we install our custom system on your server and then handle all your integrations for CRM’s and anything else you may need to combine with your new state of the art technology. We then provide you with learning material such as a 600 page manual, videos demonstrating how to use most of the more common features you will need to know about, an in depth training over zoom for both your agents and then your managers, making sure you have everything you need to know, in order to be successful in your business, but that’s not all, we are also going to provide you with 90 days support included in your buildout, to answer any questions as they come along, hop on a zoom call with you and/or your team to show you live how to do something your unsure of, we will create some loom videos for anything that’s confusing any of your staff, as well as 24 hour access to our helpdesk to make sure someone is ALWAYS around to help you. So what are you waiting for? Get ahold of us now by calling us at 725-22-CYBUR – Emailing us at sales@dialer.one or if you’d like to talk to someone over chat, click the little chat box in the corner or come join our Live Support Channel on Skype which has people from over 45 countries covering 6 continents where the passing of knowledge and the generosity of men and women helping each other is in no short demand because when you join CyburDial, its not just one of the best decisions you’ll make by becoming business associates, but you also become family.

-Chris aka carpenox

Tips and Tricks – Uncommon Issues

8/21/2022- carpenox

In this article, I am going to go over some of the more often asked questions and how to fir them. If you still don’t understand, feel free to join our live chat. Also included will be some pretty useful ways to use Linux’ built in tools for your benefit.

1) Lets start easy with “htop”. This command, “htop” will display your current drain on system resources and show you where you stand. Take a look at the picture below:

2) Creating a filter to only call certain status every 90 days only

This next one can be very useful for those of you that need to drop certain dispositions from being called for a set time period, for this example, we’re gonna say 90 days for any lead marked with NI(not interested). You need to create a “filter” and paste the following mysql query which can be altered to fit your needs: “status IN (‘NI’) and modify_date < NOW() – INTERVAL 90 DAY OR status IN (‘N’,’NA’ ,’B’,’AB’,’DROP’,’PDROP’,’NEW’,’NP’,’NANQUE’,’ADCT’)”. The first status “NI” can be set to anything you want, like ‘ADCT’ to go back and see if those temporary disconnected numbers are back or whatever dispo you’d like to go back to. You can also change the 90 to however many days you want to wait before dialing those again and finally, you can change from the right side of the query where it says “status IN (‘N’,’NA’ ,’B’,’AB’,’DROP’,’PDROP’,’NEW’,’NP’,’NANQUE’,’ADCT’)” and either add to it or remove from it, etc. Here is a small example of the one used in this article:

3) Is your audio store not accepting new files? Does it keep telling you improper format? Not a problem, we need to run a few commands in the Linux cli to get this fixed up. Copy and paste the code below:

cd /usr/share/astguiclient/
sed -i 's/wgetbin -q/wgetbin --no-check-certificate -q/g' ADMIN_audio_store_sync.pl

/usr/share/astguiclient/ADMIN_audio_store_sync.pl --debugX


chmod -R 777 audio folder in /var/www/html/audio_folder (somehting like ndt7h4rr8fynf3y8er)
chown -R apache:apache /var/www/html/audio_folder (somehting like ndt7h4rr8fynf3y8er)

4) Need to change your recording links from http to https? Try the following query in mysql:

UPDATE recording_log
SET location = REPLACE(location, 'http://127.0.0.1/', 'https://127.0.0.1/')
WHERE location LIKE '%http://127.0.0.1/%';

you can also run this with archive_log instead of recording_log and the Ip's can be switched out with FQDN's or domain names.

5) Here is a simple way to change the passwords for all users as well as a couple variants to get more specific:

update vicidial_users 
set pass="newpass";  ###update all users password

update vicidial_users 
set pass="newpass" 
where user between 7000 AND 7015;  ##update users that are only between 7000 and 7015

update vicidial_users 
set pass="newpass"
 where user_level between 1 AND 8;  ##change password for all users between levels 1 and 8, dont change level 9 passwords

That’s it for today, I’ll add some more tomorrow and the days to follow so stay tuned.

Thanks, Chris aka carpenox

---

9/5/2022 – Adding a few more

6) Speed up call handling for agent only or dial servers only. (no web/DB)

If you are using servers where agents only log in and handle calls, but no calls are placed out from it, then you can use the new delay options on those servers to enhance efficient operations. The –autodial-delay=X option in the ADMIN_keepalive_ALL.pl script will allow you to set the delay to 100 milliseconds for these agent-only servers(the default is 2500ms). Lowering the delay for agent-only servers makes the auto-dial FILL process more responsive to the changes in the agent state on the agent-only servers which will enhance how your cluster operates. You can also use the –adfill-delay=X CLI option for the ADMIN_keepalive_ALL.pl script on the server that is running the FILL process and lower it as well if you have a larger cluster. The default of that process is also 2500ms, but you can lower it down to 500ms if needed.

7) Are all your calls showing DISPO?

This is usually because your php time doesnt match the system. You can change it by editing /etc/php.ini for CentOS/Alma/Rocky or /etc/php7/php.ini for Leap. Just change it to match and you’ll be good to go.

8) How can I move a lead based on how many times its been called or how old the lead is?

The answer is yes, you can use the script named dispo_move_list.php, that you can find in your /usr/src/astguiclient/trunk/extras folder on your web server. It has a few different choices you can use that you can see below:

# Definable Fields: (other fields should be left as they are)
# - log_to_file - (0,1) if set to 1, will create a log file in the agc directory
# - sale_status - (SALE---XSALE) a triple-dash "---" delimited list of the statuses that are to be moved
# - exclude_status - (Y,N) if set to Y, will trigger for all statuses EXCEPT for those listed in sale_status, default is N
# - talk_time_trigger - (0,1,2,3,...) if set to number greater than 0, will only trigger for talk_time at or above set number, default is 0
# - called_count_trigger - (1,2,3,...) if set to number greater than 0, will only trigger for called_count at or above set number, default is 0
# - list_id_trigger - (101,...) if set to number greater than 99, will only trigger for list_id equal to the set number(NOTE: list_id must be sent), default is disabled
# - list_id - (101,...) if you want to use list_id_trigger then this must be set: "list_id=--A--list_id--B--", default is disabled
# - lead_age - (1,2,3,...) if set to number greater than 0, will only trigger for a lead entry_date this number of days old or older, default is 0
# - new_list_id - (999,etc...) the list_id that you want the matching status leads to be moved to
# - reset_dialed - (Y,N) if set to Y, will reset the called_since_last_reset flag on the lead
# - populate_sp_old_list - (Y,N) if set to Y, will populate the security_phrase field of the lead with the old list_id
# - populate_comm_old_date - (Y,N) if set to Y, will populate the comments field of the lead with the date and time when the lead was last called
# Multiple sets of statuses:
# - sale_status_1, new_list_id_1, reset_dialed_1, exclude_status_1, called_count_trigger_1 - adding an underscore and number(1-99) will allow for another set of statuses to check for and what to do with them
# - multi_trigger - (talk-age...) if set to 1 or more of "talk,age,list,count,status"(separated by '-') it will check for only one of included triggers to be met for the lead to be moved, (does not work with multiple sets)

9) Can I record my agents outside of ViciDial or once calls are transferred outside the system?

Yes, you can. You have to use an agi script called agi-NVA_recording.agi which was made for this purpose. Here are some triggers for it below:

# ; 1. logging output (NONE|STDERR|FILE|BOTH)
# ; 2. the ViciDial user ID, if empty it defaults to accountcode(usually phone extension) or vicidial_live_agents user who launched the call
# ; 3. log this call in user_call_log (Y|N) default N
# ; 4. log this call in call_log (Y|N) default N, ONLY NEEDED FOR INBOUND AND INTERSYSTEM CALLS!!!
# ; 5. audio record this call (Y|N) default N
# ; 6. double-log this call in call_log (Y|N) default N, ONLY NEEDED FOR INBOUND CALLMENU FORWARDED CALLS!!!
# ; 7. play the recording ID of this call before recording starts
# ; 8. include the recording ID in the filename
# ; 9. search vicidial_list for phone number dialed (Y|N) default N, assumes 10 digit phone numbers
# ; 10. if 9 is Y, this is search method (ALLLISTS|PHONE) default ALLLISTS, search all lists, use phone setting, CURRENTLY DOES NOTHING
# ; 11. error out and end call if phone number is not found (Y|N) default N
# ; 12. run the phone entry's NVA Call URL (Y|N) default N
# ; 13. if 9 is Y, and phone number is not found, insert into phone's NVA List ID (Y|N) default N
# ; 14. if 13 is Y, override phone's NVA List ID with this list ID when lead is inserted
# ; 15. if 13 is Y, override phone's NVA Phone Code with this phone code when lead is inserted
# ; 16. if 13 is Y, override phone's NVA Status with this status when lead is inserted

Here as an example to give you an idea how it looks:
# ;custom dialplan entry example: (similar to the defaultlog Call Menu)
#exten => _X.,1,AGI(agi-NVA_recording.agi,BOTH------Y---N---Y---N---N---N)
#exten => _X.,n,Goto(default,${EXTEN},1)
#exten => _X.,n,Hangup

10) Why don’t calls to Canada show the caller ID? (They display those weird V435345874353457353 numbers)

It’s because Canadian telco’s accept any CID that is sent and Vicidial sends this UID first which is ignored by American telco’s and it was a hard solution for me to find, so here it is for you guys. It uses a dialplan that was given to me by The dialplan God – Striker24/7.

exten => _81NXXNXXXXXX,1,AGI(agi://127.0.0.1:4577/call_log)
exten => _81NXXNXXXXXX,n,NoOp(MY CALLERD !!!! ${CALLERID(all)})
exten => _81NXXNXXXXXX,n,Set(_CALLERID(num)=${CALLERID(num)})
exten => _81NXXNXXXXXX,n,Dial(IAX2/ASTloop/9${EXTEN:1},,tTo)
exten => _81NXXNXXXXXX,n,Hangup()

exten => _91NXXNXXXXXX,1,Set(CALLERID(num)=${CALLERID(num)})
exten => _91NXXNXXXXXX,n,Set(CALLERID(name)=${CALLERID(num)})
exten => _91NXXNXXXXXX,n,NoOp(MY CALLERD !!!! ${CALLERID(all)} ${CALLERID(num)} ${CALLERID(name)})
exten => _91NXXNXXXXXX,n,Dial(SIP/${EXTEN:1}@TILTX,,tTo)
exten => _91NXXNXXXXXX,n,Hangup()

Well thats it for today, hopefully these help someone.

-Chris aka carpenox