On Tuesday 19 February 2008, Iñaki Baz Castillo wrote: Hi Iñaki, we've written a custom module for this to handle black (and white) lists on a global and per-user basis. I'm also interested if there are another means to achieve a functionality like this. If this is not possible, then perhaps i'll be able to contribute this module to 1.4. But of course it would be better to use existing code to achieve this. Cheers, Henning -- I'm going to FOSDEM - www.fosdem.org

Hi Iñaki, It looks like you may have settled on a solution already but I'd like to add that carrierroute will do what you are looking for as well with a little work, as I do exactly this already. I have some customers that are only allowed to call certain prefixes (more specific than entire countries, but same principle). What you do is create a route tree for every unique situation you have, and then add the allowed routes to each tree. For your example it would look something like this (requires openser 1.3): route_tree table: id carrier --- ---------- 1000 es-uk (This name could be anything, I just made it up to match your prefixes) carrierroute table: id carrier scan_prefix domain prob strip rewrite_host rewrite_prefix rewrite_suffix comment -- ---------- ---------------- ---------- ------- ------ ----------------- ------------------- ------------------ -------------- 0 1000 34 primary 1.0 0 <pstn_gw_ip> Spain 1 1000 44 primary 1.0 0 <pstn_gw_ip> England The domain is something arbitrary you make up. I use several domains for failover (primary, fail1, fail2, etc) because unlike lcr, carrierroute doesn't handle failover gracefully at this time, so I do it myself in the script. In your script, you can select the route tree either by subscriber or some other criteria such as the source IP of the call. To use src ip for example you might do something like: # Load AVPs for the client IP address avp_db_load("$si", "s/client_avps"); # This assumes the route tree name is indicated in $avp(s:route_tree) # The second arg matches the domain column in carrierroute. if(!cr_tree_rewrite_uri("$avp(s:route_tree)", "primary")) { # If the prefix is not 34 or 44, you will fall in here. Do something # about it like return SIP error, log to acc, etc. } ### # Assume you didn't get here unless there was a prefix match ### # HEre's a cheap way to do a blackhole route using this stuff. # You create a carrierroute entry and instead of a gateway host in the rewrite_host # column, just us ethe string "blackhole". Then you can do something like this: if($rd == "blackhole") { acc_db_request("403 Blackhole route", "acc"); sl_send_reply("403", "Forbidden"); } If you are doing it based on the subscriber table, you would follow the docs in carrierroute module to extend your subscriber schema, and then use cr_user_rewrite_uri instead of cr_tree_rewrite_uri passing in the subscriber username and domain in SIP URI form, and not worry about loading an avp. I use this as part of an overall PSTN routing solution that completely replaced lcr for me, so I'm mentioning it in case anyone else has a similar situation. In my case, I have a default route tree in addition to the restricted ones, that allows calls to anywhere. YMMV, because if you don't need all of carrierroute's power, you might get away with a simpler solution. Good luck, Phil On Feb 19, 2008 7:16 AM, Iñaki Baz Castillo &lt;ibc(a)in.ilimit.es&gt; wrote:

Iñaki Baz Castillo writes: if you use radius, you could return user's allowed prefixes as reply items when user is authenticated. if the list is long, this is not very practical and you may need to implement a separate check for it. it is quite hard to avoid db query in that check especially if each domain/user may have its own list. -- juha