hi, recently i've implemented the module antiflood into kamailio (3.1.5 from GIT) ,the module works and i can see the ip banned with
kamctl fifo sht_dump ipban
now, when i try to allocate a trusted ip address with permissions module
#!ifdef WITH_IPAUTH modparam("permissions", "db_url", DBURL) modparam("permissions", "db_mode", 1) modparam("permissions", "trusted_table", "trusted") #!endif --------------
if(src_ip!=TRUSTEDIP)
then i make a sipsak flood test from ip address 1.2.3.4 , but the ip address entered before into trusted table (1.2.3.4 ) again is banned with antiflood module
syslog file
: INFO: auth [auth_mod.c:312]: auth: qop set, but nonce-count (nc_enabled) support disabled : INFO: permissions [parse_config.c:251]: file not found: /usr/local/etc/kamailio/permissions.allow : INFO: permissions [permissions.c:606]: default allow file (/usr/local/etc/kamailio/permissions.allow) not found => empty rule set : INFO: permissions [parse_config.c:251]: file not found: /usr/local/etc/kamailio/permissions.deny :INFO : permissions [permissions.c:615]: default deny file (/usr/local/etc/kamailio/permissions.deny) not found => empty rule set
must i to create this files (permissions.allow, deny) to this module works? or is enough with empty rule set, according with documentation - there are another options into this module, but i need only enabling the trusted ip address part.
regards pablo umanzor
Hello,
for pure IP based auth, it is better to use 'address' table from permission module instead of trusted table.
You have to add the trusted IP addresses in address table with grp=1 and in the config file have a condition like:
if(allow_source_address()) { # source IP is in address table ... }
Cheers, Daniel
On 12/5/11 4:47 AM, pablo umanzor wrote:
hi, recently i've implemented the module antiflood into kamailio (3.1.5 from GIT) ,the module works and i can see the ip banned with
kamctl fifo sht_dump ipban
now, when i try to allocate a trusted ip address with permissions module
#!ifdef WITH_IPAUTH modparam("permissions", "db_url", DBURL) modparam("permissions", "db_mode", 1) modparam("permissions", "trusted_table", "trusted")
#!endif
if(src_ip!=TRUSTEDIP)
then i make a sipsak flood test from ip address 1.2.3.4 , but the ip address entered before into trusted table (1.2.3.4 ) again is banned with antiflood module
syslog file
: INFO: auth [auth_mod.c:312]: auth: qop set, but nonce-count (nc_enabled) support disabled : INFO: permissions [parse_config.c:251]: file not found: /usr/local/etc/kamailio/permissions.allow : INFO: permissions [permissions.c:606]: default allow file (/usr/local/etc/kamailio/permissions.allow) not found => empty rule set : INFO: permissions [parse_config.c:251]: file not found: /usr/local/etc/kamailio/permissions.deny :INFO : permissions [permissions.c:615]: default deny file (/usr/local/etc/kamailio/permissions.deny) not found => empty rule set
must i to create this files (permissions.allow, deny) to this module works? or is enough with empty rule set, according with documentation
- there are another options into this module, but i need only enabling
the trusted ip address part.
regards pablo umanzor
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Daniel-Constantin Mierla -
pablo umanzor