14 Jan
2014
14 Jan
'14
12:17 p.m.
On Monday 13 January 2014 13:06:56 jay binks wrote:
So Im looking at a way of implementing IP Network
ACL's in kamailio..
block all except specific subnets etc..
[multiple cidrs]
is there a benevolent kamailio developer on the list who is able to add
this simple feature for me ?
I'm using mysql to do this, but a little math makes it work from any source.
usr_preference contains stuff like 0.0.0.0/0 or something stricter, implicit
denies for users without acl records.
route[ACL]
{
if(!avp_db_query("select value from usr_preferences where
username='$au' and attribute='acl' and
inet_aton(substring_index(value,'/',1))&(1 << 32) - 1 & ~((1
<< (32 -
substring_index(value,'/',-1))) - 1)=inet_aton('$si')&(1 << 32)
- 1 & ~((1 <<
(32 - substring_index(value,'/',-1))) - 1)"))
{
sl_send_reply("403", "Not Allowed by ACL");
exit;
}
return;
}
--
POCOS B.V. - Croy 9c - 5653 LC Eindhoven
Telefoon: 040 293 8661 - Fax: 040 293 8658
http://www.pocos.nl/ - http://www.sipo.nl/
K.v.K. Eindhoven 17097024