<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 18, 2015 at 8:23 PM, Tanguy <span dir="ltr"><<a href="mailto:phenix@vfemail.net" target="_blank">phenix@vfemail.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hello Sergey<br>
<br>
I am agree with you that my dial plan can be risky I used ACL but
this can be not sufficient. I want to be able to call any internal
sip extension, but i don't want that this piece dialplan to be
usable reach external numbers. <br></div></div></blockquote><div><br></div><div>For extra protection, add into dialplan</div><div>
<p>
</p><p>
</p><p><span><extension</span><span> name</span><span>=</span>"blockCallToNonExistenDomain"<span>></span><span><br>
</span><span><condition</span><span> regex</span><span>=</span>"any"<span>></span><span><br>
</span><span><regex</span><span> field</span><span>=</span>"${sip_to_host}"<span> expression</span><span>=</span>"^[\d\.]+$"<span>/></span><span><br>
</span><span><regex</span><span> field</span><span>=</span>"${domain_exists(${sip_to_host})}"<span> expression</span><span>=</span>"^false$"<span>/></span><span><br>
</span><span><action</span><span> application</span><span>=</span>"info"<span>/></span><span><br>
</span><span><action</span><span> application</span><span>=</span>"log"<span><br>
</span><span> data</span><span>=</span>"ERR Unauthorised call with uuid &#34;${uuid}&#34; is processed in context &#34;${context}&#34;! Source IP: ${network_addr}"<span>/></span><span><br>
</span><span><action</span><span> application</span><span>=</span>"hangup"<span> data</span><span>=</span>"INCOMING_CALL_BARRED"<span>/></span><span><br>
</span><span></condition></span><span><br>
</span><span></extension></span></p></div><div>
<p><span><extension</span><span> name</span><span>=</span>"checkUserExist"<span>></span><span><br>
</span><span><condition</span><span> field</span><span>=</span>"${user_exists(id ${destination_number} ${sip_to_host})}" <span>expression</span><span>=</span>"^false$"<span>></span><span><br>
</span><span><action</span><span> application</span><span>=</span>"hangup"<span> data</span><span>=</span>"UNALLOCATED_NUMBER"<span>/></span><span><br>
</span><span></condition></span><span><br>
</span><span></extension></span></p></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><div>
<br>
I probably need to protect theses variables ( sip_to_user must be
only a locally registered sip extension ) or avoid using them (
maybe using multiple conditions field for each domain ? )<br></div></div></blockquote><div>"user_exists" function allow you block call to non existed destination.</div><div>On my FS host created personal dialplan for each domain. Most of domain related checks related located in this dialplans.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><div>
<br>
I don't fully understand your initial example:<span><br>
<br>
<font face="Courier New, Courier, monospace"><action
application="bridge" data="{sip_invite_to_uri=<sip:${<a href="mailto:destination_number%7D@mydomain.org" target="_blank">destination_number}@mydomain.org</a>>}user/<a href="mailto:reg_user@mydomain.org" target="_blank">reg_user@mydomain.org</a>"/></font></span></div></div></blockquote><div>It is copied from <a href="http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html">http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html</a> message</div><div>Is is response I write via my mobile phone and cannot edit correctly.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><div><span></span>
What is <b>reg_user</b> for freeswitch1?<br></div></div></blockquote><div>reg_user related to message <a href="http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html">http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html</a></div><div> </div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">What should i use on freeswitch2 dialplan to recognize the inbound call ?</div></blockquote><div>What is I may recommend to block unauthorised calls and fraud control I write above. Also I can recommend configure</div><div>1) fail2ban</div><div>2) nibblebill</div><div>3) destination_number format checks</div><div> <br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><div>
<br>
Thanks<span><br></span></div></div></blockquote></div><br></div></div>