[Freeswitch-users] Confusing SIP auth failure logging message?

Simon J Mudd sjmudd at pobox.com
Mon Feb 7 10:31:24 MSK 2011


On Mon, Feb 07, 2011 at 12:22:36AM +0100, Simon J Mudd wrote:
> I've been looking at trying to configure tighter controls for extensions that register.

Looking at http://wiki.freeswitch.org/wiki/Acl I see the comment lower down:

sip_profiles

... Should you want to protect your FreeSWITCH installation from being contacted by some IP addresses, you will need to setup some firewall rules. To protect your installation, you can look at QoS.

I'm confused. I understand that a firewall can be configured to drop/allow certain packages but given that FreeSWITCH does have acls it seems unusual to me that you
can do this directly in FreeSWITCH.

That is I have an Asterisk configuration which I am trying to migrate from and can easily configure in sip.conf:

[1000]
username=1000
type=friend
secret=1234567890
context=xxxxxx
host=dynamic
registersip=yes
deny=0.0.0.0/0.0.0.0
permit=88.100.50.0/255.255.255.0  -- this is not a real network range but you get the idea.
nat=yes
call-limit=1
...

This specifies a user for registration who:
(1) must provide a password
(2) can only register from the given network range
(3) is only allowed to make 1 call at a time

Basically I want to mimic this functionality.

I'm assuming that FreeSWITCH acls would be the way to do this. The
examples on the wiki don't seem to suggest this is possible.
Could someone help provide an example of if/how this would be done
in FreeSWITCH?

Thanks,

Simon



More information about the FreeSWITCH-users mailing list