5 Dec
2011
5 Dec
'11
5:47 a.m.
hi, recently i've implemented the module antiflood into kamailio
(3.1.5 from GIT) ,the module works and i can see the ip banned with
kamctl fifo sht_dump ipban
now, when i try to allocate a trusted ip address with permissions module
#!ifdef WITH_IPAUTH
modparam("permissions", "db_url", DBURL)
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")
#!endif
--------------
if(src_ip!=TRUSTEDIP)
then i make a sipsak flood test from ip address 1.2.3.4 , but the ip
address entered before into trusted table (1.2.3.4 ) again is banned
with antiflood module
syslog file
: INFO: auth [auth_mod.c:312]: auth: qop set, but nonce-count
(nc_enabled) support disabled
: INFO: permissions [parse_config.c:251]: file not found:
/usr/local/etc/kamailio/permissions.allow
: INFO: permissions [permissions.c:606]: default allow file
(/usr/local/etc/kamailio/permissions.allow) not found => empty rule
set
: INFO: permissions [parse_config.c:251]: file not found:
/usr/local/etc/kamailio/permissions.deny
:INFO : permissions [permissions.c:615]: default deny file
(/usr/local/etc/kamailio/permissions.deny) not found => empty rule set
must i to create this files (permissions.allow, deny) to this module
works? or is enough with empty rule set, according with documentation
- there are another options into this module, but i need only enabling
the trusted ip address part.
regards
pablo umanzor
5 Dec
5 Dec
9:48 p.m.
Hello,
for pure IP based auth, it is better to use 'address' table from
permission module instead of trusted table.
You have to add the trusted IP addresses in address table with grp=1 and
in the config file have a condition like:
if(allow_source_address()) {
# source IP is in address table
...
}
Cheers,
Daniel
On 12/5/11 4:47 AM, pablo umanzor wrote:
hi, recently i've implemented the module antiflood
into kamailio
(3.1.5 from GIT) ,the module works and i can see the ip banned with
kamctl fifo sht_dump ipban
now, when i try to allocate a trusted ip address with permissions module
#!ifdef WITH_IPAUTH
modparam("permissions", "db_url", DBURL)
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")
#!endif
--------------
if(src_ip!=TRUSTEDIP)
then i make a sipsak flood test from ip address 1.2.3.4 , but the ip
address entered before into trusted table (1.2.3.4 ) again is banned
with antiflood module
syslog file
: INFO: auth [auth_mod.c:312]: auth: qop set, but nonce-count
(nc_enabled) support disabled
: INFO: permissions [parse_config.c:251]: file not found:
/usr/local/etc/kamailio/permissions.allow
: INFO: permissions [permissions.c:606]: default allow file
(/usr/local/etc/kamailio/permissions.allow) not found => empty rule
set
: INFO: permissions [parse_config.c:251]: file not found:
/usr/local/etc/kamailio/permissions.deny
:INFO : permissions [permissions.c:615]: default deny file
(/usr/local/etc/kamailio/permissions.deny) not found => empty rule set
must i to create this files (permissions.allow, deny) to this module
works? or is enough with empty rule set, according with documentation
- there are another options into this module, but i need only enabling
the trusted ip address part.
regards
pablo umanzor
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- http://www.asipto.com
Kamailio Advanced Training, Dec 5-8, Berlin: http://asipto.com/u/kat
http://linkedin.com/in/miconda -- http://twitter.com/miconda
4739
days inactive
4739
days old
1 comments
2 participants
participants (2)
-
Daniel-Constantin Mierla -
pablo umanzor