[Freeswitch-users] Confusing SIP auth failure logging message?

Steven Ayre steveayre at gmail.com
Mon Feb 7 10:49:46 MSK 2011


You can do so in freeswitch but sometimes it's better to do it in the firewall. For example it uses far fewer resources to block someone in the firewall. It's also easier to block scanners such as friendly-scanner in the firewall.

Steve on iPhone

On 7 Feb 2011, at 07:31, Simon J Mudd <sjmudd at pobox.com> wrote:

> On Mon, Feb 07, 2011 at 12:22:36AM +0100, Simon J Mudd wrote:
>> I've been looking at trying to configure tighter controls for extensions that register.
> 
> Looking at http://wiki.freeswitch.org/wiki/Acl I see the comment lower down:
> 
> sip_profiles
> 
> ... Should you want to protect your FreeSWITCH installation from being contacted by some IP addresses, you will need to setup some firewall rules. To protect your installation, you can look at QoS.
> 
> I'm confused. I understand that a firewall can be configured to drop/allow certain packages but given that FreeSWITCH does have acls it seems unusual to me that you
> can do this directly in FreeSWITCH.
> 
> That is I have an Asterisk configuration which I am trying to migrate from and can easily configure in sip.conf:
> 
> [1000]
> username=1000
> type=friend
> secret=1234567890
> context=xxxxxx
> host=dynamic
> registersip=yes
> deny=0.0.0.0/0.0.0.0
> permit=88.100.50.0/255.255.255.0  -- this is not a real network range but you get the idea.
> nat=yes
> call-limit=1
> ...
> 
> This specifies a user for registration who:
> (1) must provide a password
> (2) can only register from the given network range
> (3) is only allowed to make 1 call at a time
> 
> Basically I want to mimic this functionality.
> 
> I'm assuming that FreeSWITCH acls would be the way to do this. The
> examples on the wiki don't seem to suggest this is possible.
> Could someone help provide an example of if/how this would be done
> in FreeSWITCH?
> 
> Thanks,
> 
> Simon
> 
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org



More information about the FreeSWITCH-users mailing list