<div dir="ltr">I&#39;d go with a Jira. Either it&#39;s an oversight, or there&#39;s a reason for it that can be tracked in Jira and then the wiki updated referencing the ticket.</div><div class="gmail_extra"><br><br><div class="gmail_quote">

On 5 May 2014 21:38, Victor Chukalovskiy <span dir="ltr">&lt;<a href="mailto:victor.chukalovskiy@gmail.com" target="_blank">victor.chukalovskiy@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  <div bgcolor="#FFFFFF" text="#000000">

    <div>Alright, thank you! Domains ACL works

      BUT requires &quot;users&quot; to be in &quot;groups&quot;. If &quot;users&quot; are directly in

      the &quot;domain&quot; section, ACL remains empty.<br>

      <br>

      This is contradictory to the WiKi saying that: &quot;Using groups is

      optional -- you can put your users straight into the domain

      section if you desire&quot;. Should I file Jira or should I edit WiKi

      instead? :)<br>

      <br>

      With regards to directory, I intend to keep it minimalistic:<br>

      <br>

      &lt;user id=&quot;foo&quot; cidr=&quot;<a href="http://1.2.3.4/32" target="_blank">1.2.3.4/32</a>&quot;&gt;<br>

        &lt;variables&gt;<br>

          &lt;variable name=&quot;accountcode&quot; value=&quot;customer_1&quot;/&gt;<br>

        &lt;/variables&gt;<br>

      &lt;/user&gt;<br>

      <br>

      Will someone from a different CIDR be able to place calls as user

      &quot;foo&quot; bypassing any authentication? Note that I don&#39;t set any

      password in params.<br>

      If so, how to secure this on the SIP profile level and keep user

      entries as concise as possible?<br>

      <br>

      Thanks again!<span class="HOEnZb"><font color="#888888"><br>

      -Victor</font></span><div><div class="h5"><br>

      <br>

      On 14-05-05 12:24 PM, Steven Ayre wrote:<br>

    </div></div></div><div><div class="h5">

    <blockquote type="cite">

      <div dir="ltr">You need this:

        <div>    &lt;param name=&quot;apply-inbound-acl&quot; value=&quot;domains&quot;/&gt;<br>

        </div>

        <div><br>

        </div>

      </div>

      <div class="gmail_extra"><br>

        <br>

        <div class="gmail_quote">On 5 May 2014 17:13, Victor

          Chukalovskiy <span dir="ltr">&lt;<a href="mailto:victor.chukalovskiy@gmail.com" target="_blank">victor.chukalovskiy@gmail.com</a>&gt;</span>

          wrote:<br>

          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>

            <br>

            Coming from wholesale background, my FS&#39;s run without any

            registrations.<br>

            So far everything was ACL-based using &quot;apply-inbound-acl&quot;

            and I did not<br>

            use any directory entries.<br>

            <br>

            The only problem with this is that once I have all IPs

            together in one<br>

            big ALC, I can&#39;t identify which customer the call came from.

            E.g. need<br>

            to set my_channel_variable=customer1 if a call came from

            particular IPs<br>

            and my_channel_variable=customer2 if a call came from other

            IPs.<br>

            <br>

            So I&#39;m trying to move ACL logic into directory by means of

            defining a<br>

            user with cidr attribute. So far, no matter what I do FS

            challenges<br>

            INVITE with &quot;407&quot; even-though the INVITE comes from the IP

            that is<br>

            included in CIDR attribute for a user. I suppose for

            whatever reason<br>

            switch does not match INVITEs against CIDR&#39;s in the

            directory. Please<br>

            help me with that. WiKi is written from a somewhat different

            logic /<br>

            perspective, so it&#39;s hard to apply.<br>

            <br>

            My SIP profile is:<br>

            <br>

            &lt;profile name=&quot;test&quot;&gt;<br>

               &lt;gateways&gt;<br>

               &lt;/gateways&gt;<br>

               &lt;domains&gt;<br>

               &lt;/domains&gt;<br>

               &lt;settings&gt;<br>

                 &lt;param name=&quot;parse-invite-tel-params&quot;

            value=&quot;true&quot;/&gt;<br>

                 &lt;param name=&quot;user-agent-string&quot; value=&quot;test&quot;/&gt;<br>

                 &lt;param name=&quot;debug&quot; value=&quot;0&quot;/&gt;<br>

                 &lt;param name=&quot;sip-trace&quot; value=&quot;no&quot;/&gt;<br>

                 &lt;param name=&quot;log-auth-failures&quot; value=&quot;true&quot;/&gt;<br>

                 &lt;param name=&quot;rfc2833-pt&quot; value=&quot;101&quot;/&gt;<br>

                 &lt;param name=&quot;sip-port&quot; value=&quot;5060&quot;/&gt;<br>

                 &lt;param name=&quot;dialplan&quot; value=&quot;XML&quot;/&gt;<br>

                 &lt;param name=&quot;context&quot; value=&quot;test&quot;/&gt;<br>

                 &lt;param name=&quot;country&quot; value=&quot;e164&quot;/&gt;<br>

                 &lt;param name=&quot;dtmf-duration&quot; value=&quot;2000&quot;/&gt;<br>

                 &lt;param name=&quot;inbound-codec-prefs&quot;

            value=&quot;$${default_codec_prefs}&quot;/&gt;<br>

                 &lt;param name=&quot;outbound-codec-prefs&quot;

            value=&quot;$${default_codec_prefs}&quot;/&gt;<br>

                 &lt;param name=&quot;caller-id-type&quot; value=&quot;none&quot;/&gt;<br>

                 &lt;param name=&quot;rtp-timer-name&quot; value=&quot;soft&quot;/&gt;<br>

                 &lt;param name=&quot;rtp-ip&quot; value=&quot;192.168.1.2&quot;/&gt;<br>

                 &lt;param name=&quot;sip-ip&quot; value=&quot;192.168.1.2&quot;/&gt;<br>

                 &lt;param name=&quot;manage-presence&quot; value=&quot;false&quot;/&gt;<br>

                 &lt;param name=&quot;manage-shared-appearance&quot;

            value=&quot;false&quot;/&gt;<br>

                 &lt;param name=&quot;inbound-codec-negotiation&quot;

            value=&quot;greedy&quot;/&gt;<br>

                 &lt;param name=&quot;disable-transcoding&quot; value=&quot;true&quot;/&gt;<br>

                 &lt;param name=&quot;manual-redirect&quot; value=&quot;false&quot;/&gt;<br>

                 &lt;param name=&quot;disable-transfer&quot; value=&quot;true&quot;/&gt;<br>

                 &lt;param name=&quot;disable-register&quot; value=&quot;false&quot;/&gt;<br>

                 &lt;param name=&quot;auth-calls&quot; value=&quot;true&quot;/&gt;<br>

                 &lt;param name=&quot;rtp-timeout-sec&quot; value=&quot;300&quot;/&gt;<br>

                 &lt;param name=&quot;rtp-hold-timeout-sec&quot; value=&quot;1800&quot;/&gt;<br>

                 &lt;param name=&quot;pass-callee-id&quot; value=&quot;false&quot;/&gt;<br>

               &lt;/settings&gt;<br>

            &lt;/profile&gt;<br>

            <br>

            <br>

            Thanks!<br>

            -Victor<br>

            <br>

            <br>

            <br>

            <br>

_________________________________________________________________________<br>

            Professional FreeSWITCH Consulting Services:<br>

            <a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>

            <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>

            <br>

            FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>

            <a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>

            <br>

            Official FreeSWITCH Sites<br>

            <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

            <a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>

            <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>

            <br>

            FreeSWITCH-users mailing list<br>

            <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>

            <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

            UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

            <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

          </blockquote>

        </div>

        <br>

      </div>

      <br>

      <fieldset></fieldset>

      <br>

      <pre>_________________________________________________________________________

Professional FreeSWITCH Consulting Services:

<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>

<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a>

FreeSWITCH-powered IP PBX: The CudaTel Communication Server

<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a>

Official FreeSWITCH Sites

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>

<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a>

<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>

FreeSWITCH-users mailing list

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>

</pre>

    </blockquote>

    <br>

  </div></div></div>

<br>_________________________________________________________________________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>

<br>

FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>

<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>

<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

<br></blockquote></div><br></div>