There are a lot of options here.
For source IPs and subnets, the `permissions` module probably works best:
https://kamailio.org/docs/modules/5.1.x/modules/permissions.html
While it can function in a mode where it bangs on your database for every request, it also supports a caching mode (db_mode 1):
https://kamailio.org/docs/modules/5.1.x/modules/permissions.html#permissions...
In caching mode, it loads the ACL from the database once on startup and keeps it in memory. If you have made alterations to the database table and want to kick Kamailio to reload it, there are management/RPC commands for that[2]:
https://kamailio.org/docs/modules/5.1.x/modules/permissions.html#permissions... https://kamailio.org/docs/modules/5.1.x/modules/permissions.html#permissions...
Note that in a lot of scenarios, use of the permissions module isn't truly necessary because some other module provides a de facto ACL. For example, if you are using the dispatcher[1] module to front-end a group of servers for round-robin type load balancing, making routing decisions based on whether the origin is within the dispatcher server pool seems only natural[2]:
if(ds_is_from_list("1")) { # Allow from own application server farm. }
For filtering out nonlocal URI domains, the `domain` module presents a natural fit. It works much as `permissions` does in terms of in-memory caching and that:
https://kamailio.org/docs/modules/5.1.x/modules/domain.html
And if you should find that these modules' data model doesn't schematically meet your needs, you can always seed your own `htable` values from a DB-backed hash table:
https://kamailio.org/docs/modules/5.1.x/modules/htable.html#htable.p.db_url
Or fetch these values from somewhere else (e.g. HTTP API) and inject them into an htable upon startup:
https://kamailio.org/docs/modules/5.1.x/modules/htable.html#idp49461924
Lots of options...
-- Alex
[1] https://kamailio.org/docs/modules/5.1.x/modules/dispatcher.html
[2] https://kamailio.org/docs/modules/5.1.x/modules/dispatcher.html#dispatcher.f...
On Wed, May 09, 2018 at 09:04:16PM +0000, KamDev Essa wrote:
easy. Not one of my domains or source IPs. Unless hackers is ex user they would never know my list. KD On Wednesday, May 9, 2018, 4:53:21 PM EDT, Alex Balashov abalashov@evaristesys.com wrote:
How would you define "foes" in a programmatic sense? :) That will dictate the answer.
-- Alex
-- Sent via mobile, please forgive typos and brevity.
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users