[Freeswitch-users] Filtering UA's IP

Juan Pablo L. jpablolorenzetti at hotmail.com
Sat Sep 26 21:15:31 MSD 2015


Hi Ken, thank you for your feedback, you are right, even though it would have to be done by hand (maintenaning the ip tables) it is completely doable
but i had a wrong impression on how the sip profiles worked together with lua to capture the 'register' requests and filter the bad ones out,
so i took a wrong design decision earlier by coupling that service with others in the same profile and putting a FW in front filtering IP would have
affected the other services on the same profile, but it is clear now and all you mentioned could  be implemented easily as well. thank you for your suggestions.

From: krice at freeswitch.org
To: freeswitch-users at lists.freeswitch.org
Date: Sat, 26 Sep 2015 11:06:54 -0500
Subject: Re: [Freeswitch-users] Filtering UA's IP

Why can’t you use a firewall? Pretty much every firewall that I know of allows you to define not just which hosts, but which ports to filter. Example lets just say 10.0.0.0/8 is a bad actor region, but you still want to allow them to send email and visit the website. You block src IP 10.0.0.0/8 to dst port 5060, 5080 etcAnd allow that same block to still hit port 25 (STMP) along with 80 and 443 (http/https respectively)   From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Juan Pablo L.
Sent: Saturday, September 26, 2015 1:12 AM
To: freeswitch-users at lists.freeswitch.org
Subject: [Freeswitch-users] Filtering UA's IP Hi, is there any way on freeswitch to forbid registration (or any connection) from certain regions in the world ? .. 
what i need to accomplish is to prevent people from connecting from my same country as we have a voip service
that is supposed to be accessed only when you are out of the country so i need to validate the UA's ip when registering.
I can not use a router or FW or any other thing in front of the freeswitch because the same freeswitch  also serves 
other services that do not have this  restriction. This restriction only affects users in one profile only. 
I m aware that i could capture the registrations using a lua script and i guess from there i could consult
a GeoIP database etc etc but that affects all profiles and not only this particular profile of this particular service
and that could be a performance hit for the service as a whole so i would like to avoid that.

thank you!
_________________________________________________________________________
Professional FreeSWITCH Consulting Services: 
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150926/a97cf002/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list