SARK PBX Firewall manual control

The firewall used on modern SARK PBX is a freely available firewall called ‘shorewall’. It also uses an automatic intrusion detection system which blocks IP addresses on the fly.

This system can sometimes block things you don’t want blocked. The most common case is a SIP phone getting blocked out after a password was typed into it incorrectly.

There are a few simple commands that can be used to check for and fix this. These need to be run from the SARK command line, so you can either ssh/putty into it or connect a monitor & keyboard (sark850+ only).

To check the list of IP addresses that have been auto-blocked:

  shorewall show dynamic

To unblock an IP:

  shorewall allow xxx.xxx.xxx.xxx

Replace the xs with the IP address to unblock.
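
The check-then-unblock steps above as one script. This is an added example, not part of the original page or of SARK; the function names are made up here, and it assumes IPv4 and that a blocked address is printed somewhere in the `shorewall show dynamic` listing:

```shell
#!/bin/sh
# Added example (not SARK's own tooling): unblock an address only if it is
# really on shorewall's dynamic block list. Function names are made up here.

# Succeed if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed if the address appears as a whole word in `shorewall show dynamic`.
# Assumption: a blocked address is printed somewhere in that listing; the
# match does not depend on the column layout. -w stops 203.0.113.4 from
# matching 203.0.113.45, -F treats the dots literally.
is_dynamically_blocked() {
    shorewall show dynamic | grep -qwF -- "$1"
}

# Exit status: 0 unblocked, 1 not on the list, 2 not a valid IPv4 address.
unblock_if_listed() {
    ip=$1
    if ! is_ipv4 "$ip"; then
        echo "not a valid IPv4 address: $ip" >&2
        return 2
    fi
    if ! is_dynamically_blocked "$ip"; then
        echo "$ip is not on the dynamic block list, nothing to unblock" >&2
        return 1
    fi
    shorewall allow "$ip"
}

# Run as: sh unblock.sh 203.0.113.45   (the file name is arbitrary)
if [ "$#" -eq 1 ]; then
    unblock_if_listed "$1"
fi
```

Checking the list first means a mistyped address is reported as "not on the list" instead of being passed to `shorewall allow`.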

If you want to manually block an IP yourself, you can do:

  shorewall drop xxx.xxx.xxx.xxx

Note: some early sark200s had a slightly different firewall configuration. If the above doesn’t work and you’ve had your sark200 since the early days, this should work to unblock an IP:

  iptables -D fail2ban-ASTERISK -s xxx.xxx.xxx.xxx -j DROP