[Freeswitch-users] Unexpected acl behavior. Feature or bug?

Ken Rice krice at suspicious.org
Tue Sep 30 01:39:35 PDT 2008


The software in question is a custom dialplan replacement module for
freeswitch that is available for licensing...

As far as the setup goes you set up the sip profiles as normal, ratedecks
and other items are loaded into a DB and routing happens automagically...




> From: Noah Silverman <noah at allresearch.com>
> Reply-To: <freeswitch-users at lists.freeswitch.org>
> Date: Tue, 30 Sep 2008 01:12:00 -0700
> To: <freeswitch-users at lists.freeswitch.org>
> Subject: Re: [Freeswitch-users] Unexpected acl behavior.  Feature or bug?
> 
> That makes sense.
> 
> However it might make sense for me to add something to the wiki about
> this.  It isn't documented anywhere that an "allow" in the acl will
> bypass the directory and registration.
> 
> On a separate topic, I was just reading a post of yours from February
> where you describe your LCR platform.  Would you be willing to share
> some of your setup and/or software for this?
> 
> Thanks,
> 
> -N
> 
> 
> On Sep 30, 2008, at 12:47 AM, Ken Rice wrote:
> 
>> The ACL is a way to specify a group of trusted machines and the
>> system will
>> bypass auth on those calls...
>> 
>> If you need something from the directory don't use the ACL...
>> 
>> If you don't want FS to respond to SIP from unknown IP Addresses
>> that's a
>> more appropriate job for your firewall software (iptables?)
>> 
>> 
>>> From: Noah Silverman <noah at allresearch.com>
>>> Reply-To: <freeswitch-users at lists.freeswitch.org>
>>> Date: Tue, 30 Sep 2008 00:41:17 -0700
>>> To: <freeswitch-users at lists.freeswitch.org>
>>> Subject: [Freeswitch-users] Unexpected acl behavior.  Feature or bug?
>>> 
>>> Hi,
>>> 
>>> As some of you are probably aware, I've had a really hard time
>>> getting
>>> asterisk to work with FS.
>>> 
>>> The effective_caller_id_number and the accountcode were not getting
>>> logged or passed through on outgoing calls.
>>> 
>>> I finally solved the problem, but attribute it to some unexpected
>>> behavior of the acl setting.  I'm curious as to whether this is the
>>> intended behavior, or a bug.
>>> 
>>> In my sip profile, I had apply-inbound-acl set to a list that
>>> contained the IP of my asterisk box.  Apparently, when this happens,
>>> FS was allowing ANY call from my asterisk box without registration.
>>> Subsequently, since FS was just blindly accepting the call with no
>>> registration, it didn't match anything in the directory and no
>>> accountcode or caller-id was set.
>>> 
>>> By simply removing the inbound-acl setting, I was able to have
>>> everything working perfectly.
>>> 
>>> My understanding was that the goal of the inbound-acl was to limit
>>> which IP FS would accept SIP requests from.  I was not aware that it
>>> would then accept any call blindly without any associated user.
>>> Interesting....
>>> 
>>> If any of the FS developers are interested in the exact configuration
>>> file that I'm using, please contact me directly and I'll forward the
>>> file to you.
>>> 
>>> -Noah
>>> 
>>> _______________________________________________
>>> Freeswitch-users mailing list
>>> Freeswitch-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>> 
>> 
>> 
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>> 
> 
> 
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org






More information about the FreeSWITCH-users mailing list