[Freeswitch-users] Unexpected acl behavior. Feature or bug?

Anthony Minessale anthony.minessale at gmail.com
Tue Sep 30 06:09:58 PDT 2008


There is a separate apply-inbound-acl and apply-register-acl

And yest the point of apply-inbound-acl is that all matches from that ip
will be allowed in blindly.
it's the opposite of doing Digest auth.

There is still a way to associate an a ip range with a user so when you are
let in over
acl it will still set all the user settings.  it's the special domain acl
that was recently added that
scans each user in your directory for a cidr= attr and adds it to the
domains acl
then you can apply-inbound-acl=domains

It is possible to get asterisk to register to FS with normal digest auth
it's just a little tricky because asterisk
does not like domain based authentication which is actually the normal way
to do it.  They hacked in support for it
way late in the development timeline and it's kinda hard to figure out, I
still forget how to do it sometimes.
it's something to do with a special syntax in the register line.






On Tue, Sep 30, 2008 at 2:41 AM, Noah Silverman <noah at allresearch.com>wrote:

> Hi,
>
> As some of you are probably aware, I've had a really hard time getting
> asterisk to work with FS.
>
> The effective_caller_id_number and the accountcode were not getting
> logged or passed through on outgoing calls.
>
> I finally solved the problem, but attribute it to some unexpected
> behavior of the acl setting.  I'm curious as to whether this is the
> intended behavior, or a bug.
>
> In my sip profile, I had apply-inbound-acl set to a list that
> contained the IP of my asterisk box.  Apparently, when this happens,
> FS was allowing ANY call from my asterisk box without registration.
> Subsequently, since FS was just blindly accepting the call with no
> registration, it didn't match anything in the directory and no
> accountcode or caller-id was set.
>
> By simply removing the inbound-acl setting, I was able to have
> everything working perfectly.
>
> My understanding was that the goal of the inbound-acl was to limit
> which IP FS would accept SIP requests from.  I was not aware that it
> would then accept any call blindly without any associated user.
> Interesting....
>
> If any of the FS developers are interested in the exact configuration
> file that I'm using, please contact me directly and I'll forward the
> file to you.
>
> -Noah
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/

AIM: anthm
MSN:anthony_minessale at hotmail.com <MSN%3Aanthony_minessale at hotmail.com>
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com<PAYPAL%3Aanthony.minessale at gmail.com>
IRC: irc.freenode.net #freeswitch

FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org <sip%3A888 at conference.freeswitch.org>
iax:guest at conference.freeswitch.org/888
googletalk:conf+888 at conference.freeswitch.org<googletalk%3Aconf%2B888 at conference.freeswitch.org>
pstn:213-799-1400
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20080930/e86e18e3/attachment-0002.html 


More information about the FreeSWITCH-users mailing list