<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 18, 2015 at 8:23 PM, Tanguy <span dir="ltr">&lt;<a href="mailto:phenix@vfemail.net" target="_blank">phenix@vfemail.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <div>Hello Sergey<br>
      <br>
      I am agree with you that my dial plan can be risky I used ACL but
      this can be not sufficient. I want to be able to call any internal
      sip extension, but i don&#39;t want that this piece dialplan to be
      usable reach external numbers. <br></div></div></blockquote><div><br></div><div>For extra protection, add into dialplan</div><div>







<p>







</p><p>







</p><p><span>&lt;extension</span><span> name</span><span>=</span>&quot;blockCallToNonExistenDomain&quot;<span>&gt;</span><span><br>
    </span><span>&lt;condition</span><span> regex</span><span>=</span>&quot;any&quot;<span>&gt;</span><span><br>
        </span><span>&lt;regex</span><span> field</span><span>=</span>&quot;${sip_to_host}&quot;<span> expression</span><span>=</span>&quot;^[\d\.]+$&quot;<span>/&gt;</span><span><br>
        </span><span>&lt;regex</span><span> field</span><span>=</span>&quot;${domain_exists(${sip_to_host})}&quot;<span> expression</span><span>=</span>&quot;^false$&quot;<span>/&gt;</span><span><br>
        </span><span>&lt;action</span><span> application</span><span>=</span>&quot;info&quot;<span>/&gt;</span><span><br>
        </span><span>&lt;action</span><span> application</span><span>=</span>&quot;log&quot;<span><br>
</span><span>            data</span><span>=</span>&quot;ERR Unauthorised call with uuid &amp;#34;${uuid}&amp;#34; is processed in context &amp;#34;${context}&amp;#34;! Source IP: ${network_addr}&quot;<span>/&gt;</span><span><br>
        </span><span>&lt;action</span><span> application</span><span>=</span>&quot;hangup&quot;<span> data</span><span>=</span>&quot;INCOMING_CALL_BARRED&quot;<span>/&gt;</span><span><br>
    </span><span>&lt;/condition&gt;</span><span><br>
</span><span>&lt;/extension&gt;</span></p></div><div>







<p><span>&lt;extension</span><span> name</span><span>=</span>&quot;checkUserExist&quot;<span>&gt;</span><span><br>
    </span><span>&lt;condition</span><span> field</span><span>=</span>&quot;${user_exists(id ${destination_number} ${sip_to_host})}&quot; <span>expression</span><span>=</span>&quot;^false$&quot;<span>&gt;</span><span><br>
        </span><span>&lt;action</span><span> application</span><span>=</span>&quot;hangup&quot;<span> data</span><span>=</span>&quot;UNALLOCATED_NUMBER&quot;<span>/&gt;</span><span><br>
    </span><span>&lt;/condition&gt;</span><span><br>
</span><span>&lt;/extension&gt;</span></p></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><div>
      <br>
      I probably need to protect theses variables ( sip_to_user must be
      only a locally registered sip extension )  or avoid using them (
      maybe using multiple conditions field for each domain ? )<br></div></div></blockquote><div>&quot;user_exists&quot; function allow you block call to non existed destination.</div><div>On my FS host created personal dialplan for each domain. Most of domain related checks related located in this dialplans.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><div>
      <br>
      I don&#39;t fully understand your initial example:<span><br>
      <br>
      <font face="Courier New, Courier, monospace">&lt;action
        application=&quot;bridge&quot; data=&quot;{sip_invite_to_uri=&lt;sip:${<a href="mailto:destination_number%7D@mydomain.org" target="_blank">destination_number}@mydomain.org</a>&gt;}user/<a href="mailto:reg_user@mydomain.org" target="_blank">reg_user@mydomain.org</a>&quot;/&gt;</font></span></div></div></blockquote><div>It is copied from <a href="http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html">http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html</a> message</div><div>Is is response I write via my mobile phone and cannot edit correctly.</div><div>  </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><div><span></span>
      What is <b>reg_user</b> for freeswitch1?<br></div></div></blockquote><div>reg_user related to message <a href="http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html">http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html</a></div><div> </div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">What should i use on freeswitch2 dialplan to recognize the inbound call ?</div></blockquote><div>What is I may recommend to block unauthorised calls and fraud control I write above. Also I can recommend configure</div><div>1) fail2ban</div><div>2) nibblebill</div><div>3) destination_number format checks</div><div> <br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><div>
      <br>
      Thanks<span><br></span></div></div></blockquote></div><br></div></div>