[Freeswitch-users] ACL not working

Diego Viola diego.viola at gmail.com
Tue Apr 21 03:20:44 PDT 2009


If I make any changes to acl.conf.xml, they don't take effect.

Why is that? What am I doing wrong?

Diego

On Tue, Apr 21, 2009 at 5:29 AM, Diego Viola <diego.viola at gmail.com> wrote:

> More info:
>
>   <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
>     <!-- <param name="accept-blind-reg" value="true"/> -->
>     <!-- <param name="accept-blind-auth" value="true"/> -->
>
> So any ideas?
>
>
> On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola <diego.viola at gmail.com> wrote:
>
>> Hey guys,
>>
>> I'm currently testing FS inside a LAN. FreeSWITCH is running on
>> 192.168.0.101 and my softphone is on 192.168.0.100.
>>
>> I can register and make calls just fine, but I want to deny everything in
>> order to learn how the ACL works.
>>
>> I have this on the internal profile:
>>
>>     <param name="apply-nat-acl" value="rfc1918"/>
>>     <param name="apply-inbound-acl" value="domains"/>
>>     <param name="apply-register-acl" value="domains"/>
>>
>> And this is how my acl.conf.xml looks, it's all set to deny:
>>
>> <configuration name="acl.conf" description="Network Lists">
>>   <network-lists>
>>
>>     <list name="dl-candidates" default="deny">
>>       <node type="deny" cidr="10.0.0.0/8"/>
>>       <node type="deny" cidr="172.16.0.0/12"/>
>>       <node type="deny" cidr="192.168.0.0/16"/>
>>     </list>
>>
>>     <list name="rfc1918" default="deny">
>>       <node type="deny" cidr="10.0.0.0/8"/>
>>       <node type="deny" cidr="172.16.0.0/12"/>
>>       <node type="deny" cidr="192.168.0.0/16"/>
>>     </list>
>>
>>     <list name="lan" default="deny">
>>       <node type="deny" cidr="192.168.42.0/24"/>
>>       <node type="deny" cidr="192.168.42.42/32"/>
>>     </list>
>>
>>     <list name="strict" default="deny">
>>       <node type="deny" cidr="208.102.123.124/32"/>
>>     </list>
>>     <!--
>>         This will traverse the directory adding all users
>>         with the cidr= tag to this ACL, when this ACL matches
>>         the users variables and params apply as if they
>>         digest authenticated.
>>     -->
>>     <list name="domains" default="deny">
>>       <node type="deny" domain="$${domain}"/>
>>       <node type="deny" cidr="192.168.0.0/24"/>
>>     </list>
>>
>>   </network-lists>
>> </configuration>
>>
>> But I'm still allowed to register with the 1000 user and make calls to
>> the conference extension, etc. I can't understand this: if it's all set to
>> deny and the cidr is set to 192.168.0.0/24 on the "domains" context,
>> which is what the profile uses, shouldn't the registration/call be denied? I
>> have tried many combinations, but whenever I change something it won't make
>> any difference.
>>
>> Please help me.
>>
>> Thanks,
>>
>> Diego
>>
>
>