<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">OK, thanks, I will try your dialplan.<br>
<br>
My current VoIP production servers (still running Asterisk)
don't use fail2ban, but I have restrictive firewall rules that allow
only a predetermined list of IPs and subnets. That is not a reason
not to use fail2ban on future servers.<br>
<br>
I am also thinking about filtering by SIP domain:<br>
<pre class="notranslate">-A PREROUTING -i eth+ -p tcp --dport 5060:5082 -m string --string "sip:YOUR_HOSTNAME.no-ip.com" --algo bm --icase -j NEWSIP</pre>
<a class="moz-txt-link-freetext" href="http://blog.ls20.com/securing-your-asterisk-voip-server-with-iptables/">http://blog.ls20.com/securing-your-asterisk-voip-server-with-iptables/</a><br>
<br>
<br>
nibblebill will be very useful for me, because I have been looking
for a long time for lightweight software (not like astpp or a2billing)
for disabling an extension in case of probable fraud.<br>
<br>
<br>
<br>
On 20/09/2015 11:26, Sergey Safarov wrote:<br>
</div>
<blockquote
cite="mid:CAHtxdDfxiCc=8UGZLFtn6Nt5YkSK5WiJm6=9aCooW99KHT=k8A@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Sep 18, 2015 at 8:23 PM,
Tanguy <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:phenix@vfemail.net" target="_blank">phenix@vfemail.net</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hello Sergey<br>
<br>
I agree with you that my dialplan can be risky. I
used an ACL, but this may not be sufficient. I want to be
able to call any internal SIP extension, but I don't
want this piece of dialplan to be usable to reach
external numbers. <br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>For extra protection, add this to the dialplan:</div>
<div>
<pre>&lt;extension name="blockCallToNonExistenDomain"&gt;
  &lt;condition regex="any"&gt;
    &lt;!-- sip_to_host is a bare IP address rather than a domain name --&gt;
    &lt;regex field="${sip_to_host}" expression="^[\d\.]+$"/&gt;
    &lt;!-- sip_to_host is not a domain configured on this server --&gt;
    &lt;regex field="${domain_exists(${sip_to_host})}" expression="^false$"/&gt;
    &lt;action application="info"/&gt;
    &lt;!-- single-quoted attribute so the double quotes in the message stay valid XML --&gt;
    &lt;action application="log"
            data='ERR Unauthorised call with uuid "${uuid}" is processed in context "${context}"! Source IP: ${network_addr}'/&gt;
    &lt;action application="hangup" data="INCOMING_CALL_BARRED"/&gt;
  &lt;/condition&gt;
&lt;/extension&gt;</pre>
</div>
<div>
<pre>&lt;extension name="checkUserExist"&gt;
  &lt;condition field="${user_exists(id ${destination_number} ${sip_to_host})}" expression="^false$"&gt;
    &lt;action application="hangup" data="UNALLOCATED_NUMBER"/&gt;
  &lt;/condition&gt;
&lt;/extension&gt;</pre>
</div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div> <br>
I probably need to protect these variables
(sip_to_user must be only a locally registered SIP
extension) or avoid using them (maybe using
multiple condition fields for each domain?)<br>
</div>
</div>
</blockquote>
<div>The "user_exists" function allows you to block calls to
non-existent destinations.</div>
<div>On my FS host I created a personal dialplan for each
domain. Most of the domain-related checks are located in
these dialplans.</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div> <br>
I don't fully understand your initial example:<span><br>
<br>
<font face="Courier New, Courier, monospace">&lt;action
application="bridge"
data="{sip_invite_to_uri=&lt;sip:${destination_number}@mydomain.org&gt;}user/reg_user@mydomain.org"/&gt;</font></span></div>
</div>
</blockquote>
<div>It is copied from <a moz-do-not-send="true"
href="http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html">http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html</a>
message</div>
<div>It is a response I wrote on my mobile phone and could not
edit correctly.</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div><span></span> What is <b>reg_user</b> for
freeswitch1?<br>
</div>
</div>
</blockquote>
<div>reg_user relates to the message <a moz-do-not-send="true"
href="http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html">http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html</a></div>
<div> </div>
<div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">What should I use
in the freeswitch2 dialplan to recognize the inbound
call?</div>
</blockquote>
<div>What I can recommend for blocking unauthorised calls
and for fraud control I wrote above. I can also recommend
configuring:</div>
<div>1) fail2ban</div>
<div>2) nibblebill</div>
<div>3) destination_number format checks</div>
<div> <br>
</div>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div> <br>
Thanks<span><br>
</span></div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></pre>
</blockquote>
<br>
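<div>Added example, not part of the original thread or of FreeSWITCH: the "Unauthorised call ... Source IP" message written by the quoted dialplan's log action is the kind of line a fail2ban-style filter keys on, and this sketch counts those lines per source address inside a sliding time window. The timestamp and "[ERR] mod_dptools.c" prefix of the sample lines, the thresholds and the function name <code>offenders</code> are assumptions made for illustration.</div>

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The message text comes from the "log" action in the quoted dialplan; the
# timestamp prefix in front of it is an assumed FreeSWITCH log layout.
# Group 1 = timestamp (seconds resolution), group 2 = source IP.
LINE_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ .*'
    r'Unauthorised call with uuid "[0-9a-f-]+" is processed in '
    r'context "[^"]+"! Source IP: ([0-9A-Fa-f:.]+)\s*$'
)

def offenders(lines, max_hits=3, window=timedelta(minutes=10)):
    """Map source IP to its peak count of barred calls inside one window,
    for every IP whose peak reaches max_hits (the fail2ban maxretry idea)."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # unrelated or malformed lines are ignored
            seen[m.group(2)].append(
                datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    flagged = {}
    for ip, stamps in seen.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= max_hits:
            flagged[ip] = peak
    return flagged

# Constructed sample log: documentation addresses and made-up UUIDs.
_FMT = ('2015-09-20 {t}.000000 [ERR] mod_dptools.c:1742 Unauthorised call with '
        'uuid "{u}" is processed in context "public"! Source IP: {ip}')
SAMPLE_LOG = [
    _FMT.format(t="11:26:01", u="0a1b2c3d-0001", ip="203.0.113.7"),
    _FMT.format(t="11:26:09", u="0a1b2c3d-0002", ip="203.0.113.7"),
    _FMT.format(t="11:27:30", u="0a1b2c3d-0003", ip="198.51.100.20"),
    _FMT.format(t="11:31:44", u="0a1b2c3d-0004", ip="203.0.113.7"),
    "2015-09-20 11:40:00.000000 [INFO] unrelated line that must not match",
    _FMT.format(t="12:40:00", u="0a1b2c3d-0005", ip="198.51.100.20"),
    _FMT.format(t="13:05:00", u="0a1b2c3d-0006", ip="198.51.100.20"),
]

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```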
</body>
</html>