Georg,<br><br>Once you've created the ACLs in acl.conf.xml you then need to apply them in the SIP profiles. Look in conf/sip_profiles/internal.xml and you'll see that there are parameters for applying ACLs for various types of security. Specifically look for:<br>
<br>apply-inbound-acl<br>apply-register-acl<br><br>-MC<br><br><div class="gmail_quote">On Tue, Jan 24, 2012 at 4:33 PM, <span dir="ltr"><<a href="mailto:georg@riseup.net">georg@riseup.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi all,<br>
<br>
I've got a server running FS with five nets associated. There are just<br>
two, from where I receive calls and my phones are registering.<br>
<br>
I would like to exclude all the nets by default from being allowed to<br>
contact / register at FS, and only allow<br>
<br>
- one net 172.251.X.XXX<br>
- one net 192.168.X.XXX<br>
<br>
I tried achieving this through acl.conf, however, had no success.<br>
I disabled NAT at startup through -nonat.<br>
<br>
'sofia status profile internal' is showing me a public ip of my server<br>
next to "Pres Hosts" (but also one ip out of the mentioned 192.168.X.XXX<br>
net, which is fine).<br>
<br>
In internal.xml, I set rtp-ip and sip-ip to this (correct) ip.<br>
<br>
I think my main mistake is that I don't understand how things are handled<br>
in acl.conf. So far it looks like this:<br>
<br>
<configuration name="acl.conf" description="Network Lists"><br>
<network-lists><br>
<list name="localnet.auto" default="deny"><br>
<node type="allow" cidr="192.168.X.X/24"/><br>
<node type="deny" cidr="Public IP/29"/><br>
</list><br>
<list name="domains" default="deny"><br>
<node type="allow" domain="192.168.X.XX"/><br>
<node type="allow" cidr="192.168.X.X/24"/><br>
</list><br>
</network-lists><br>
</configuration><br>
<br>
Thanks in advance,<br>
Georg<br>
<br>
<br>
</blockquote></div><br>
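The two steps from the reply (define a list in acl.conf.xml, then reference it from the SIP profile), shown as an added configuration example that is not part of the original thread. The list name trusted_nets and both CIDR ranges are constructed placeholders; substitute the two networks that should reach FreeSWITCH.

```xml
<!-- acl.conf.xml: one custom list that denies by default.
     "trusted_nets" is a hypothetical name. The *.auto names
     (localnet.auto, rfc1918.auto, ...) are lists FreeSWITCH builds
     itself, so a custom name avoids clashing with them.
     Both CIDR values are constructed placeholders. -->
<configuration name="acl.conf" description="Network Lists">
  <network-lists>
    <list name="trusted_nets" default="deny">
      <node type="allow" cidr="192.0.2.0/24"/>
      <node type="allow" cidr="198.51.100.0/24"/>
    </list>
  </network-lists>
</configuration>

<!-- conf/sip_profiles/internal.xml, inside the profile's settings:
     apply the list to inbound calls and to registrations.
     Addresses that match an applied list are accepted without digest
     authentication, so list only networks you control. -->
<settings>
  <param name="apply-inbound-acl" value="trusted_nets"/>
  <param name="apply-register-acl" value="trusted_nets"/>
</settings>
```

After editing, run `reloadacl` from fs_cli and restart the profile so the new parameters are read.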