[Freeswitch-users] ACL not working
Diego Viola
diego.viola at gmail.com
Tue Apr 21 02:08:59 PDT 2009
Hey guys,
I'm currently testing FS inside a LAN. FreeSWITCH is running on
192.168.0.101 and my softphone is on 192.168.0.100.
I can register and make calls just fine, but I want to deny everything in
order to learn how the ACL works.
I have this on the internal profile:
<param name="apply-nat-acl" value="rfc1918"/>
<param name="apply-inbound-acl" value="domains"/>
<param name="apply-register-acl" value="domains"/>
And this is how my acl.conf.xml looks, it's all set to deny:
<configuration name="acl.conf" description="Network Lists">
  <network-lists>
    <list name="dl-candidates" default="deny">
      <node type="deny" cidr="10.0.0.0/8"/>
      <node type="deny" cidr="172.16.0.0/12"/>
      <node type="deny" cidr="192.168.0.0/16"/>
    </list>
    <list name="rfc1918" default="deny">
      <node type="deny" cidr="10.0.0.0/8"/>
      <node type="deny" cidr="172.16.0.0/12"/>
      <node type="deny" cidr="192.168.0.0/16"/>
    </list>
    <list name="lan" default="deny">
      <node type="deny" cidr="192.168.42.0/24"/>
      <node type="deny" cidr="192.168.42.42/32"/>
    </list>
    <list name="strict" default="deny">
      <node type="deny" cidr="208.102.123.124/32"/>
    </list>
    <!--
      This will traverse the directory adding all users
      with the cidr= tag to this ACL, when this ACL matches
      the users variables and params apply as if they
      digest authenticated.
    -->
    <list name="domains" default="deny">
      <node type="deny" domain="$${domain}"/>
      <node type="deny" cidr="192.168.0.0/24"/>
    </list>
  </network-lists>
</configuration>
But I'm still allowed to register with the 1000 user and make calls to the
conference extension, etc. I can't understand this: if it's all set to deny
and the cidr is set to 192.168.0.0/24 on the "domains" context, which is
what the profile uses, shouldn't the registration/call be denied? I have
tried many combinations, but whenever I change something it won't make any
difference.
Please help me.
Thanks,
Diego