11 Oct
2021
11 Oct
'21
1:27 a.m.
Hello, this is really an Asterisk question.
Here in Kamailio we'd recommend you do that filtering at the proxy level,
using the "permissions" module.
Regards,
David Villasmil
email: david.villasmil.work(a)gmail.com
phone: +34669448337
On Sun, Oct 10, 2021 at 6:52 PM Mihai Cezar <cezar(a)mokalife.ro> wrote:
Hi,
The last matching rule is the one used. If no rule matches, then the
connection is permitted.
Example:
deny=0.0.0.0/0.0.0.0
permit=1.2.3.4/32
Deny every address except for the only one allowed.
Basically the rules are processed from the first to the last.
On Sat, Oct 9, 2021 at 3:26 PM Bugaian A. Vitalie <bugaian(a)gmail.com>
wrote:
the
sender!
Hi,
I think its the order you apply the ACL, first permit some, then deny
any?
Vitalie.
On Sat, Oct 9, 2021 at 1:58 PM Mihai Cezar <cezar(a)mokalife.ro> wrote:
>
> Hello,
>
> I have an issue with filtering on the asterisk side, my requests are:
> UsersPhones(bria) -> Kamailio -> Asterisk -> Sip Trunk Out.
>
> The goal is to manage a new layer of protection ( IP filtering /
Whitelisting
).
> When I try to compile a list of Whitelisted
IP in sip.conf I get this
error:
>
> NOTICE[205]: acl.c:748 ast_apply_acl: SIP contact ACL: Rejecting
> '145.72.23.45' due to a failure to pass ACL '(BASELINE)'
> WARNING[205]: chan_sip.c:17061 parse_register_contact: Domain
> '5.12.16.2:48669' disallowed by contact ACL (violating IP
> 145.72.23.45)
> WARNING[205]: chan_sip.c:17933 register_verify: Registration denied
> because of contact ACL
>
> The IP 145.72.23.45, is the proxy kamailio and if I added it to
> sip.conf it works, but so does every ip afterwards.
>
> I tried with contactpermit also with permit, the result is the same as
> long as I permit the proxy ip it works. Is there something that I can
> do on the asterisk side to activate this filtering Or there is
> something that I can do in Kamailio so it will forward the realip ?
>
> contactdeny=0.0.0.0/0.0.0.0
> contactpermit=145.72.23.45/32
> contactpermit=5.12.16.2/32
>
>
> Thanks in advance,
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> * sr-users(a)lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only
to the
sender!
Edit
mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users