[Freeswitch-users] ACL question

Seven Du dujinfang at gmail.com
Sun Jul 28 18:28:54 MSD 2013


Hi, 

I know ACL is to block or allow an IP to reg or call. But in practice, if an IP is allowed then it won't check the user directory again, so it cannot match the user info stored in the user directory, and the dialplan routes to the public context.

      <node type="allow" cidr="192.168.1.123/32"/>


2013-07-28 22:11:04.647358 [DEBUG] sofia.c:7915 IP 192.168.1.123 Approved by acl "domains[]". Access Granted.



If I set the cidr attribute in the user directory, it seems to be parsed into the ACL, so it also allows any other users to reg or call from that url. Below is a log that shows Access Granted when I actually set the cidr to 1000 but am calling with 1001. FS doesn't challenge 1001.


2013-07-28 22:07:14.347320 [DEBUG] sofia.c:7915 IP 192.168.1.123 Approved by acl "domains[1000@192.168.1.123]". Access Granted.
2013-07-28 22:07:14.347320 [DEBUG] sofia.c:8045 Authenticating user 1000@192.168.1.123


Is it a problem?

Is it possible to check the ip *and* the user? e.g. user 1000 can only reg from ip IP with password 1234.

Thanks.


-- 
Seven Du
http://www.freeswitch.org.cn
http://about.me/dujinfang
http://www.dujinfang.com
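
An added example, not part of the original post or of FreeSWITCH: a small Python audit over sofia debug output that lists every request admitted by ACL and whether the matching entry was a plain list node (`domains[]`) or one tied to a directory user (`domains[user@host]`). That reading of the bracket contents is an assumption taken from the two log lines quoted above; the function names and the sample log are constructed here.

```python
import re
from collections import defaultdict

# Constructed sample: the log lines quoted in the post, with the address
# written in its usual user@host form.
SAMPLE_LOG = """\
2013-07-28 22:11:04.647358 [DEBUG] sofia.c:7915 IP 192.168.1.123 Approved by acl "domains[]". Access Granted.
2013-07-28 22:07:14.347320 [DEBUG] sofia.c:7915 IP 192.168.1.123 Approved by acl "domains[1000@192.168.1.123]". Access Granted.
2013-07-28 22:07:14.347320 [DEBUG] sofia.c:8045 Authenticating user 1000@192.168.1.123
"""

# Matches only the "Approved by acl" message shape shown in the post.
APPROVED = re.compile(
    r'^(?P<ts>\S+ \S+) \[DEBUG\] sofia\.c:\d+ IP (?P<ip>\S+) '
    r'Approved by acl "(?P<acl>[^"\[]+)\[(?P<entry>[^\]]*)\]"\. Access Granted\.'
)

def acl_bypasses(log_text):
    """Return one record per request that was admitted by ACL."""
    hits = []
    for line in log_text.splitlines():
        m = APPROVED.match(line.strip())
        if not m:
            continue
        entry = m.group("entry")
        hits.append({
            "time": m.group("ts"),
            "ip": m.group("ip"),
            "acl": m.group("acl"),
            # Assumption: empty brackets = plain <node>, otherwise the
            # directory user whose cidr produced the ACL entry.
            "source": "user-cidr" if entry else "list-node",
            "entry": entry or None,
        })
    return hits

def summarize(hits):
    """Map each source IP to the set of (acl, entry) pairs that admitted it."""
    by_ip = defaultdict(set)
    for h in hits:
        by_ip[h["ip"]].add((h["acl"], h["entry"]))
    return dict(by_ip)

if __name__ == "__main__":
    for ip, entries in summarize(acl_bypasses(SAMPLE_LOG)).items():
        print(ip, sorted(entries, key=str))
```

Any IP that shows up with a `user-cidr` entry is one where, per the behaviour described in the post, requests for other users from the same address would also be admitted by the ACL.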

