[Freeswitch-users] IP Whitelist

Eric Beard eric at loopfx.com
Wed Jun 8 23:11:34 MSD 2011


It seems I misunderstand the purpose of the acl.conf.xml file.

What I want to do is create an IP whitelist, so only the IPs I designate get a response from FreeSwitch.  I'd like to do this with FreeSwitch rather than a firewall.

I have this in acl.conf.xml:

    <list name="domains" default="deny">
      <!-- domain= is special it scans the domain from the directory to build the ACL -->
      <node type="allow" domain="$${domain}"/>
      <!-- use cidr= if you wish to allow ip ranges to this domains acl. -->
      <node type="allow" cidr="10.1.0.0/24"/>

      <!-- Broadvox DID -->
      <node type="allow" cidr="209.249.3.74/32"/>
    </list>

I was assuming that this would only allow traffic from my local network, 10.1.0.0, and from the single IP 209.249.3.74.

But while watching SIP traffic, I saw an OPTIONS request from a different IP (SIPVicious scan).  FreeSwitch happily responded to the OPTIONS with an OK.

How can I configure it so that it ignores requests that are not on my whitelist?

Thanks!

-----------------------
Eric Z. Beard, CTO
Loop LLC
w (877) 850-2010 x9249
m (727) 776-2768
eric at loopfx.com
