El mié., 12 de ago. de 2020 a la(s) 10:30, Pepelux (pepeluxx@gmail.com) escribió:
Hi there
It must work fine. I've just tested it:
no! i found the problem.. i forgot to say that we updated the table dynamically and later noted in the documentation this: there's no sense in having a table if we cannot load and use data in real-time!
-> "All data will be loaded into memory when the module is started. There is an RPC reload command to update all the data from database."
https://www.kamailio.org/docs/modules/devel/modules/secfilter.html#idm19 so stupid.. htable logic is better, cos runs dynamically..
puff this module are so inflexible!
kamailio.cfg xinfo("Checking source IP $si"); secf_check_ip(); xinfo("Result of sec_check_ip: $?");
kamailio.log Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:
<script>: Checking source IP 85.XXX.YYY.54 Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO: <script>: Result of sec_check_ip: 2 # kamcmd secfilter.print ip IP Address ========== [+] Blacklisted ----------- [+] Whitelisted ----------- 0001 -> 85.XXX.YYY.54 Are you sure that the secf_check_ip() function is executed? Could you put a log before or after to verify it? On the other hand, 0 is not a possible return value. If the IP address is not found, the return value will be 1: [image: image.png] Regards On Tue, 11 Aug 2020 at 21:47, PICCORO McKAY Lenz <mckaygerhard@gmail.com> wrote: > > I implemented secfilter in a simple way, in first step routing put that > conditional for black list check that already works: > > ``` > secf_check_ip(); > if ($? == -2) { > xlog("L_ALERT", "$rm from $si is blacklisted"); > drop(); > } > ``` > > > > BUT NOW i want to change to whitelick checks, so i reviewed the docs and > "2" is resulting for whitelist, so then i said "if not whitelisted so > block" using "!= 2" as on > https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators BUT SEEMS > DOES NOT WORK: that is the code: > > ``` > secf_check_ip(); > if ($? != 2) { > xlog("L_ALERT", "$rm from $si is not in whitelist, block"); > drop(); > } > ``` > > > > when i tested all the calls passed not matter if are in the table or not > as whitelist! > > I want able to call only if are present and whitelisted the ip address.. > so i also tested with: > > ``` > secf_check_ip(); > if ($? == 0) { > xlog("L_ALERT", "$rm from $si is not present, so block"); > drop(); > } > ``` > > > > to check if the ip address are presented in the table but call also > passed and must not cos i not put never a entry in the table! > > > Lenz McKAY Gerardo (PICCORO) > http://qgqlochekone.blogspot.com > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
