[Freeswitch-users] Can I use a domain name in an ACL list?

Szeto, Steven steven.szeto at mitel.com
Fri Feb 6 23:55:29 MSK 2015


I've tried entering this in acl.conf.xml:


    <list name="domains" default="deny">
      <node type="allow" host="miccgw1.design.mitel.com" mask="255.255.255.0"/>
    </list>

After reloadacl (no errors), I tried making a call:


2015-02-06 15:47:51.831958 [NOTICE] switch_channel.c:1055 New Channel sofia/internal/5401 at miccgw1.design.mitel.com [fbcbdde0-6b3e-43e1-9fcf-f592c83b0efb]

but the incoming call still gets rejected:

2015-02-06 15:47:51.831958 [DEBUG] sofia.c:8775 IP 10.47.41.109 Rejected by acl "domains". Falling back to Digest auth.

2015-02-06 15:47:51.871962 [DEBUG] sofia.c:8775 IP 10.47.41.109 Rejected by acl "domains". Falling back to Digest auth.
2015-02-06 15:47:51.871962 [WARNING] sofia_reg.c:2752 Can't find user [@10.47.26.44] from 10.47.41.109
You must define a domain called '10.47.26.44' in your directory and add a user with the id="" attribute
and you must configure your device to use the proper domain in it's authentication credentials.

If I want to get rid of the error, I need to specify the IP address of the
originating pbx:

      <node type="allow" cidr="10.47.41.109/32" />

Any thoughts on how to get the acl file to support hostnames?



On Thu, Feb 5, 2015 at 11:42 AM, Brian West <brian at freeswitch.org> wrote:

> Looking at the code it looks like it would accept host.
>
> On Thu, Feb 5, 2015 at 9:59 AM, Szeto, Steven <steven.szeto at mitel.com>
> wrote:
>
>> Suppose I have a switch with DNS hostname of "myswitch.company.com" and
>> an IP address of 10.11.12.13.
>>
>> If I want to allow this switch's phones to call FreeSwitch, I have to
>> update the acl.conf.xml file with an entry that looks like this:
>>
>>     <list name="domains" default="deny">
>>
>>       <node type="allow" cidr="10.11.12.13/32" />
>>
>>     </list>
>>
>>
>> What I would like to do is use the DNS hostname of the switch instead. So
>> the above entry should look something like this:
>>
>>     <list name="domains" default="deny">
>>
>>       <node type="allow" host="myswitch.company.com" />
>>
>>     </list>
>>
>> When I try the above, the calls are rejected by FreeSwitch.
>>
>> When creating its Access Control List, is there a way to tell FreeSwitch
>> to do a hostname lookup when hosts are specified?
>>
>> Regards,
>> Steve
>>
>> This e-mail (including any attachments) is for the sole use of the
>> intended recipient(s) and may contain information that is confidential
>> and/or protected by legal privilege. Any unauthorized review, use, copy,
>> disclosure or distribution of this e-mail is strictly prohibited. If you
>> are not the intended recipient, please notify Mitel immediately and destroy
>> all copies of this e-mail.  Mitel does not accept any liability for breach
>> of security, error or virus that may result from the transmission of this
>> message.
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
>
> *Brian West*
> brian at freeswitch.org
>
>
> *Twitter: @FreeSWITCH , @briankwest*
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
>
> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>

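Added example, not part of the original thread and not FreeSWITCH code: the only form the poster reports as working is the cidr node, so one way to keep managing peers by hostname is to resolve the names outside FreeSWITCH and regenerate the list, stopping for review when DNS starts returning addresses that differ from the ones previously approved. The function names, the pinned-address dictionary and the IPv4-only /32 output are assumptions of this example.

```python
import ipaddress
import socket
from xml.sax.saxutils import quoteattr


def resolve(hostname):
    """IPv4 addresses DNS currently returns for hostname (needs network)."""
    infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def resolve_all(hostnames, resolver=resolve):
    """Map each hostname to its validated, sorted IPv4 addresses."""
    resolved = {}
    for hostname in hostnames:
        # IPv4Address() raises ValueError for anything that is not an IPv4 literal.
        addresses = sorted(str(ipaddress.IPv4Address(a)) for a in resolver(hostname))
        if not addresses:
            raise ValueError(f"{hostname} resolved to no addresses")
        resolved[hostname] = addresses
    return resolved


def drift(pinned, resolved):
    """Hosts whose addresses differ from the pinned set: {host: (old, new)}."""
    return {h: (pinned.get(h, []), new) for h, new in resolved.items()
            if pinned.get(h, []) != new}


def render_acl(list_name, resolved):
    """Render a default-deny list with one /32 allow node per address."""
    lines = [f'<list name={quoteattr(list_name)} default="deny">']
    for hostname in sorted(resolved):
        for address in resolved[hostname]:
            lines.append(f'  <node type="allow" cidr="{address}/32"/>')
    lines.append("</list>")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed data: hostname and address from the thread, no DNS query made.
    fake_dns = {"myswitch.company.com": ["10.11.12.13"]}
    pinned = {"myswitch.company.com": ["10.11.12.13"]}
    resolved = resolve_all(fake_dns, resolver=fake_dns.__getitem__)
    changed = drift(pinned, resolved)
    if changed:
        raise SystemExit(f"address change needs review: {changed}")
    print(render_acl("domains", resolved))
```

The rendered list replaces the hand-written one in acl.conf.xml and takes effect after reloadacl, as in the post.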