El mié., 12 de ago. de 2020 a la(s) 10:30, Pepelux (pepeluxx@gmail.com) escribió:
Hi there

It must work fine. I've just tested it:

no! i found the problem.. i forgot to say that we updated the table dynamically and later noted in the documentation this:
there's no sense in having a table if we cannot load and use data in real-time!

-> "All data will be loaded into memory when the module is started. There is an RPC reload command to update all the data from database."

https://www.kamailio.org/docs/modules/devel/modules/secfilter.html#idm19 so stupid.. htable logic is better, cos runs dynamically.. 

puff this module are so inflexible!


kamailio.cfg
        xinfo("Checking source IP $si");
        secf_check_ip();
        xinfo("Result of sec_check_ip: $?");

kamailio.log
        Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO: <script>: Checking source IP 85.XXX.YYY.54
        Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO: <script>: Result of sec_check_ip: 2

# kamcmd secfilter.print ip
IP Address
==========
[+] Blacklisted
    -----------

[+] Whitelisted
    -----------
    0001 -> 85.XXX.YYY.54

Are you sure that the secf_check_ip() function is executed? Could you put a log before or after to verify it?

On the other hand, 0 is not a possible return value. If the IP address is not found, the return value will be 1:

image.png

Regards


On Tue, 11 Aug 2020 at 21:47, PICCORO McKAY Lenz <mckaygerhard@gmail.com> wrote:

I implemented secfilter in a simple way, in first step routing put that conditional for black list check that already works:

```
        secf_check_ip();
        if ($? == -2) {
                xlog("L_ALERT", "$rm from $si is blacklisted");
                drop();
        }

```


BUT NOW i want to change to whitelick checks, so i reviewed the docs and "2" is resulting for whitelist, so then i said "if not whitelisted so block" using "!= 2" as on https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators BUT SEEMS DOES NOT WORK: that is the code:
```
        secf_check_ip();
        if ($? != 2) {
                xlog("L_ALERT", "$rm from $si is not in whitelist, block");
                drop();
        }

```


when i tested all the calls passed not matter if are in the table or not as whitelist!

I want able to call only if are present and whitelisted the ip address.. so i also tested with:
```
        secf_check_ip();
        if ($? == 0) {
                xlog("L_ALERT", "$rm from $si is not present, so block");
                drop();
        }

```


to check if the ip address are presented in the table but call also passed and must not cos i not put never a entry in the table!


Lenz McKAY Gerardo (PICCORO)
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users