[Freeswitch-users] ACLs / changing to which IPs FS binds to

Michael Collins msc at freeswitch.org
Tue Jan 31 22:38:22 MSK 2012 

Georg,

Once you've created the ACLs in acl.conf.xml you then need to apply them in
the SIP profiles. Look in conf/sip_profiles/internal.xml and you'll see
that there are parameters for applying ACLs for various types of security.
Specifically look for:

apply-inbound-acl
apply-register-acl

-MC

On Tue, Jan 24, 2012 at 4:33 PM, <georg at riseup.net> wrote:

> Hi all,
>
> I've got a server running FS with five nets associated. There are just
> two, from where I receive calls and my phones are registering.
>
> I would like to exclude all the nets by default from being allowed to
> contact / register at FS, and only allow
>
> - one net 172.251.X.XXX
> - one net 192.168.X.XXX
>
> I tried achieving this trough acl.conf, however, had no success.
> I disabled NAT at startup trough -nonat.
>
> 'sofia status profile internal' is showing me a public ip of my server
> next to "Pres Hosts" (but also one ip out of the mentioned 192.168.X.XXX
> net, which is fine).
>
> In internal.xml, I set rtp-ip and sip-ip to this (correct) ip.
>
> I think my main mistake is that I don't understand how things are handled
> in acl.conf. So far it looks like this:
>
> <configuration name="acl.conf" description="Network Lists">
>  <network-lists>
>    <list name="localnet.auto" default="deny">
>        <node type="allow" cidr="192.168.X.X/24"/>
>        <node type="deny"  cidr="Public IP/29"/>
>    </list>
>    <list name="domains" default="deny">
>      <node type="allow" domain="192.168.X.XX"/>
>      <node type="allow" cidr="192.168.X.X/24"/>
>    </list>
>  </network-lists>
> </configuration>
>
> Thanks in advance,
> Georg
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120131/e4de022e/attachment.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list