[Freeswitch-users] Enabling extensions with passwords and limiting network access via acls (Was: Confusing SIP auth failure logging message?)

Steven Ayre steveayre at gmail.com
Wed Feb 9 02:03:44 MSK 2011 

Either set a variable and use it with check_acl in the dialplan for that user, or use mod_XML_curl and don't return the user entry if the network_addr doesn't match the cidr acl.

Steve on iPhone

On 8 Feb 2011, at 22:18, Simon J Mudd <sjmudd at pobox.com> wrote:

> I don't think I got a definitive answer to the question I posed before:
> 
> sjmudd at pobox.com (Simon J Mudd) writes:
> 
> ...
> 
>> That is I have an Asterisk configuration which I am trying to
>> migrate from and can easily configure in sip.conf:
>> 
>> [1000]
>> username=1000
>> type=friend
>> secret=1234567890
>> context=xxxxxx
>> host=dynamic
>> registersip=yes
>> deny=0.0.0.0/0.0.0.0
>> permit=88.100.50.0/255.255.255.0  -- this is not a real network range but you get the idea.
>> nat=yes
>> call-limit=1
>> ...
>> 
>> This specifies a user for registration who:
>> (1) must provide a password
>> (2) can only register from the given network range
>> (3) is only allowed to make 1 call at a time
> 
> I see that there are ways to implement (3) though it seems that's more on
> a per gateway basis than a per extension basis. That's ok.
> 
> What really interests me is implementing (1) _and_ (2) together.  Is this
> possible? If not it would certainly be a nice new feature.
> 
> Perhaps the default FreeSWITCH configuration should limit access to
> the default extensions to be registered only from the networks defined
> in localnet.auto.  This reduces exposure to external bad
> software.
> 
> Even if I can configure this extra limitation myself manually I'd be
> happy as this would basically leave me more comfortable with
> FreeSWITCH running unattended. I'm not confident to do that now if I
> configure any gateways due to the issues I've had before.
> 
> Simon
> 
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

More information about the FreeSWITCH-users mailing list