19 Apr
2019
19 Apr
'19
2:44 a.m.
Following code snippet from default kamailio.cfg never gives 403 if you
smart enough to set "fromdomain" parameter on Asterisk to Kamailio's IP.
How to fix it? I want password-based registration (which is OK now) and
permit calls via Kamailio only from permitted IPs.
# if caller is not local subscriber, then check if it calls
# a local destination, otherwise deny, not an open relay here
if (from_uri!=myself && uri!=myself) {
sl_send_reply("403","Not relaying");
exit;
}
19 Apr
19 Apr
4:22 a.m.
On Fri, Apr 19, 2019 at 09:44:14AM +0300, Yu Boot wrote:
Following code snippet from default kamailio.cfg never
gives 403 if you
smart enough to set "fromdomain" parameter on Asterisk to Kamailio's IP.
How
to fix it? I want password-based registration (which is OK now) and permit
calls via Kamailio only from permitted IPs.
TIMTOWTDI but a fairly generic and easily extendable way is to use the
permissions module:
https://www.kamailio.org/docs/modules/stable/modules/permissions.html#permi…
(or one of the variants):
if (!allow_source_address() || (from_uri!=myself && uri!=myself)) {
sl_send_reply("403","Not relaying");
exit;
}
Your remark regarding authentication might result in something like:
if(!allow_source_address() || $au==$null)
{
sl_send_reply("403","Go away!");
}
5:19 a.m.
On Fri, Apr 19, 2019 at 11:38:50AM +0300, Yu Boot wrote:
Added this before final "return", it still
allow to call from any IP without
registration. :(
> if(!allow_source_address() || $au==$null)
> {
> sl_send_reply("403","Go away!");
> }
This code is in no way related to registrations. If you want to check
against the location database, you'll have to do this manually AFAIK. If
you store locations in a database you can select where received like
'sip:$si:%' with e.g. sql_ops
2130
days inactive
2130
days old
4 comments
2 participants
participants (2)
-
Daniel Tryba -
Yu Boot