15 Jan
2014
15 Jan
'14
4:25 a.m.
While I could to this as you said, my DB Server does not have inet_aton ...
( Im using db_cassandra )
My DB simply returns a single string with a list of comma separated values.
I then used s.select and while to achieve what I wanted.
$var(i) = 0;
while ( $(avp(i:2){s.select,$var(i),,}) != '' ) {
if (is_in_subnet( $si , $(avp(i:2){s.select,$var(i),,}) )) {
<< DO SOMETHING >>
break;
};
$var(i) = $var(i) + 1;
}
sorry for any confusion....
avp(i:2) looks like 192.168.1.0/24,172.16.1.0/24
this should be fine for now, but how good would it be if ipops module could
handle this in a single function call ?
On 14 January 2014 20:17, Daniel Tryba <daniel(a)pocos.nl> wrote:
On Monday 13 January 2014 13:06:56 jay binks wrote:
--
Sincerely
Jay
So Im looking at a way of implementing IP Network
ACL's in kamailio..
block all except specific subnets etc..
[multiple cidrs]
is there a benevolent kamailio developer on the list who is able to add
this simple feature for me ?
I'm using mysql to do this, but a little math makes it work from any
source.
usr_preference contains stuff like 0.0.0.0/0 or something stricter,
implicit
denies for users without acl records.
route[ACL]
{
if(!avp_db_query("select value from usr_preferences where
username='$au' and attribute='acl' and
inet_aton(substring_index(value,'/',1))&(1 << 32) - 1 & ~((1
<< (32 -
substring_index(value,'/',-1))) - 1)=inet_aton('$si')&(1 << 32)
- 1 & ~((1
<<
(32 - substring_index(value,'/',-1))) - 1)"))
{
sl_send_reply("403", "Not Allowed by ACL");
exit;
}
return;
}
--
POCOS B.V. - Croy 9c - 5653 LC Eindhoven
Telefoon: 040 293 8661 - Fax: 040 293 8658
http://www.pocos.nl/ - http://www.sipo.nl/
K.v.K. Eindhoven 17097024