<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I have added this ACL topic to the meeting today so we can make sure its documented better on the wiki.<div><br></div><div>1pm CST <a href="sip:888@conference.freeswitch.org">sip:888@conference.freeswitch.org</a></div><div><br></div><div>/b</div><div><br><div>On Apr 30, 2008, at 8:14 AM, Anthony Minessale wrote:<br class="Apple-interchange-newline"><blockquote type="cite">it seems a bit confusing but if you want to do ip auth the way you describe, you actually have to disable the digest auth so that the other end is not challenged for auth credentials on top of the ip auth.<br><br>search your profile for this:<br> <br><param name="auth-calls" value="true"/><br><br>and comment it by encapsulating it in <!-- and --><br><br>then add this line:<br><br><param name="apply-inbound-acl" value="sip_ip_auth"/><br> <br>Then make sip_ip_auth by editing acl.conf.xml and add a new list to the <network-lists> tag.<br>assuming the ip you trust is <a href="http://200.2.2.2">200.2.2.2</a>:<br><br> <list name="sip_ip_auth" default="deny"><br> <node type="allow" cidr="<a href="http://200.2.2.2/32">200.2.2.2/32</a>"/><br> </list><br><br>Now all sip calls will be rejected unless they are originated by <a href="http://200.2.2.2">200.2.2.2</a><br> <br><br><br><br><div class="gmail_quote">On Tue, Apr 29, 2008 at 8:17 PM, Brian West <<a href="mailto:brian@freeswitch.org">brian@freeswitch.org</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Jed,<br> here are the list of things you can do:<br> <br> 1. sip_profiles/default.xml -> change context to default and set auth-<br> calls=false<br> 2. Then you can use ${network_addr} in your conditions or the ${acl()}<br> function an example is in the default.xml dialplan.<br> <br> /b<br> <div><div></div><div class="Wj3C7c"><br> <br> On Apr 29, 2008, at 4:44 PM, Jed Stafford wrote:<br> <br> > This feel's like a very stupid question, but i've scoured for hours<br> > through the documents, and samples I can find without finding an<br> > answer. I'm assuming I'm missing something very obvious.<br> ><br> > I'm just trying to have freeswitch accept a call from a static IP<br> > address, then forward that call to a provider, essentially a very<br> > static SIP proxy.<br> ><br> > I've tried added my IP in question to the acl.xml file, but no<br> > success. All calls are rejected with a 407 Auth required.<br> ><br> > Thanks for any pointers. I think I will write a paragraph or two on<br> > this when I get it working, as it's something I think a lot of<br> > people are looking to try. Asterisk will not scale enough, and I<br> > don't want to do this via OpenSER/RTPProxy, etc.<br> ><br> ><br> > -Jed<br> ><br> </div></div>> _______________________________________________<br> > Freeswitch-users mailing list<br> > <a href="mailto:Freeswitch-users@lists.freeswitch.org">Freeswitch-users@lists.freeswitch.org</a><br> > <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br> > UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br> > <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br> <br> <br> _______________________________________________<br> Freeswitch-users mailing list<br> <a href="mailto:Freeswitch-users@lists.freeswitch.org">Freeswitch-users@lists.freeswitch.org</a><br> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br> </blockquote></div><br><br clear="all"><br>-- <br>Anthony Minessale II<br><br>FreeSWITCH <a href="http://www.freeswitch.org/">http://www.freeswitch.org/</a><br>ClueCon <a href="http://www.cluecon.com/">http://www.cluecon.com/</a><br> <br>AIM: anthm<br><a href="mailto:MSN%3Aanthony_minessale@hotmail.com">MSN:anthony_minessale@hotmail.com</a><br>GTALK/JABBER/<a href="mailto:PAYPAL%3Aanthony.minessale@gmail.com">PAYPAL:anthony.minessale@gmail.com</a><br> IRC: <a href="http://irc.freenode.net">irc.freenode.net</a> #freeswitch<br><br>FreeSWITCH Developer Conference<br><a href="mailto:sip%3A888@conference.freeswitch.org">sip:888@conference.freeswitch.org</a><br><a href="http://iax:guest@conference.freeswitch.org/888">iax:guest@conference.freeswitch.org/888</a><br> <a href="mailto:googletalk%3Aconf%2B888@conference.freeswitch.org">googletalk:conf+888@conference.freeswitch.org</a><br>pstn:213-799-1400 _______________________________________________<br>Freeswitch-users mailing list<br><a href="mailto:Freeswitch-users@lists.freeswitch.org">Freeswitch-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br>http://www.freeswitch.org<br></blockquote></div><br><div apple-content-edited="true"> <span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>Brian West</div><div><a href="sip:brian@freeswitch.org">sip:brian@freeswitch.org</a></div><div><br></div></div></span><br class="Apple-interchange-newline"> </div><br></div></body></html>