[Freeswitch-users] Unexpected acl behavior. Feature or bug?

Noah Silverman noah at allresearch.com
Tue Sep 30 01:12:00 PDT 2008


That makes sense.

However it might make sense for me to add something to the wiki about  
this.  It isn't documented anywhere that an "allow" in the acl will  
bypass the directory and registration.

On a separate topic, I was just reading a post of yours from February  
where you describe your LCR platform.  Would you be willing to share  
some of your setup and/or software for this?

Thanks,

-N


On Sep 30, 2008, at 12:47 AM, Ken Rice wrote:

> The ACL is a way to specify a group of trusted machines and the  
> system will
> bypass auth on those calls...
>
> If you need something from the directory don't use the ACL...
>
> If you don't want FS to respond to SIP from unknown IP Addresses  
> that's a
> more appropriate job for your firewall software (iptables?)
>
>
>> From: Noah Silverman <noah at allresearch.com>
>> Reply-To: <freeswitch-users at lists.freeswitch.org>
>> Date: Tue, 30 Sep 2008 00:41:17 -0700
>> To: <freeswitch-users at lists.freeswitch.org>
>> Subject: [Freeswitch-users] Unexpected acl behavior.  Feature or bug?
>>
>> Hi,
>>
>> As some of you are probably aware, I've had a really hard time  
>> getting
>> asterisk to work with FS.
>>
>> The effective_caller_id_number and the accountcode were not getting
>> logged or passed through on outgoing calls.
>>
>> I finally solved the problem, but attribute it to some unexpected
>> behavior of the acl setting.  I'm curious as to whether this is the
>> intended behavior, or a bug.
>>
>> In my sip profile, I had apply-inbound-acl set to a list that
>> contained the IP of my asterisk box.  Apparently, when this happens,
>> FS was allowing ANY call from my asterisk box without registration.
>> Subsequently, since FS was just blindly accepting the call with no
>> registration, it didn't match anything in the directory and no
>> accountcode or caller-id was set.
>>
>> By simply removing the inbound-acl setting, I was able to have
>> everything working perfectly.
>>
>> My understanding was that the goal of the inbound-acl was to limit
>> which IP FS would accept SIP requests from.  I was not aware that it
>> would then accept any call blindly without any associated user.
>> Interesting....
>>
>> If any of the FS developers are interested in the exact configuration
>> file that I'm using, please contact me directly and I'll forward the
>> file to you.
>>
>> -Noah
>>
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>





More information about the FreeSWITCH-users mailing list