11 Aug
2020
11 Aug
'20
10:42 p.m.
I implemented secfilter in a simple way, in first step routing put that
conditional for black list check that already works:
```
secf_check_ip();
if ($? == -2) {
xlog("L_ALERT", "$rm from $si is blacklisted");
drop();
}
```
BUT NOW i want to change to whitelick checks, so i reviewed the docs and
"2" is resulting for whitelist, so then i said "if not whitelisted so
block" using "!= 2" as on
https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators BUT SEEMS DOES
NOT WORK: that is the code:
```
secf_check_ip();
if ($? != 2) {
xlog("L_ALERT", "$rm from $si is not in whitelist,
block");
drop();
}
```
when i tested all the calls passed not matter if are in the table or not
as whitelist!
I want able to call only if are present and whitelisted the ip address.. so
i also tested with:
```
secf_check_ip();
if ($? == 0) {
xlog("L_ALERT", "$rm from $si is not present, so
block");
drop();
}
```
to check if the ip address are presented in the table but call also passed
and must not cos i not put never a entry in the table!
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
12 Aug
12 Aug
5:30 p.m.
Hi there
It must work fine. I've just tested it:
kamailio.cfg
xinfo("Checking source IP $si");
secf_check_ip();
xinfo("Result of sec_check_ip: $?");
kamailio.log
Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:
<script>: Checking source IP 85.XXX.YYY.54
Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:
<script>: Result of sec_check_ip: 2
# kamcmd secfilter.print ip
IP Address
==========
[+] Blacklisted
-----------
[+] Whitelisted
-----------
0001 -> 85.XXX.YYY.54
Are you sure that the secf_check_ip() function is executed? Could you put a
log before or after to verify it?
On the other hand, 0 is not a possible return value. If the IP address is
not found, the return value will be 1:
[image: image.png]
Regards
On Tue, 11 Aug 2020 at 21:47, PICCORO McKAY Lenz <mckaygerhard(a)gmail.com>
wrote:
I implemented secfilter in a simple way, in first step routing put that
conditional for black list check that already works:
```
secf_check_ip();
if ($? == -2) {
xlog("L_ALERT", "$rm from $si is blacklisted");
drop();
}
```
BUT NOW i want to change to whitelick checks, so i reviewed the docs and
"2" is resulting for whitelist, so then i said "if not whitelisted so
block" using "!= 2" as on
https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators BUT SEEMS
DOES NOT WORK: that is the code:
```
secf_check_ip();
if ($? != 2) {
xlog("L_ALERT", "$rm from $si is not in whitelist,
block");
drop();
}
```
when i tested all the calls passed not matter if are in the table or not
as whitelist!
I want able to call only if are present and whitelisted the ip address..
so i also tested with:
```
secf_check_ip();
if ($? == 0) {
xlog("L_ALERT", "$rm from $si is not present, so
block");
drop();
}
```
to check if the ip address are presented in the table but call also passed
and must not cos i not put never a entry in the table!
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
13 Aug
13 Aug
3:47 a.m.
El mié., 12 de ago. de 2020 a la(s) 10:30, Pepelux (pepeluxx(a)gmail.com)
escribió:
Hi there
It must work fine. I've just tested it:
no! i found the problem.. i forgot to say that we updated the table
dynamically and later noted in the documentation this:
there's no sense in having a table if we cannot load and use data in
real-time!
-> "All data will be loaded into memory when the module is started. There
is an RPC reload command to update all the data from database."
https://www.kamailio.org/docs/modules/devel/modules/secfilter.html#idm19 so
stupid.. htable logic is better, cos runs dynamically..
puff this module are so inflexible!
kamailio.cfg
xinfo("Checking source IP $si");
secf_check_ip();
xinfo("Result of sec_check_ip: $?");
kamailio.log
Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:
<script>: Checking source IP 85.XXX.YYY.54
Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:
<script>: Result of sec_check_ip: 2
# kamcmd secfilter.print ip
IP Address
==========
[+] Blacklisted
-----------
[+] Whitelisted
-----------
0001 -> 85.XXX.YYY.54
Are you sure that the secf_check_ip() function is executed? Could you put
a log before or after to verify it?
On the other hand, 0 is not a possible return value. If the IP address is
not found, the return value will be 1:
[image: image.png]
Regards
On Tue, 11 Aug 2020 at 21:47, PICCORO McKAY Lenz <mckaygerhard(a)gmail.com>
wrote:
I implemented secfilter in a simple way, in first step routing put that
conditional for black list check that already works:
```
secf_check_ip();
if ($? == -2) {
xlog("L_ALERT", "$rm from $si is blacklisted");
drop();
}
```
BUT NOW i want to change to whitelick checks, so i reviewed the docs and
"2" is resulting for whitelist, so then i said "if not whitelisted so
block" using "!= 2" as on
https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators BUT SEEMS
DOES NOT WORK: that is the code:
```
secf_check_ip();
if ($? != 2) {
xlog("L_ALERT", "$rm from $si is not in whitelist,
block");
drop();
}
```
when i tested all the calls passed not matter if are in the table or not
as whitelist!
I want able to call only if are present and whitelisted the ip address..
so i also tested with:
```
secf_check_ip();
if ($? == 0) {
xlog("L_ALERT", "$rm from $si is not present, so
block");
drop();
}
```
to check if the ip address are presented in the table but call also
passed and must not cos i not put never a entry in the table!
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
14 Aug
14 Aug
9:26 a.m.
Hi
El jue., 13 ago. 2020 3:06, PICCORO McKAY Lenz <mckaygerhard(a)gmail.com escribió:
El mié., 12 de ago. de 2020 a la(s) 10:30, Pepelux
(pepeluxx(a)gmail.com)
escribió:
Another example of your toxic behaviour. Every time, you know better,
things are stupid, etc...
I'm already tired of this.
Hi there
It must work fine. I've just tested it:
no! i found the problem.. i forgot to say that we updated the table
dynamically and later noted in the documentation this:
there's no sense in having a table if we cannot load and use data in
real-time!
-> "All data will be loaded into memory when the module is started. There
is an RPC reload command to update all the data from database."
https://www.kamailio.org/docs/modules/devel/modules/secfilter.html#idm19
so stupid.. htable logic is better, cos runs dynamically..
puff this module are so inflexible
1561
days inactive
1564
days old
3 comments
3 participants
participants (3)
-
Pepelux -
PICCORO McKAY Lenz -
Victor Seva