[Freeswitch-users] Enabling extensions with passwords and limiting network access via acls (Was: Confusing SIP auth failure logging message?)

[Simon J Mudd]

I don't think I got a definitive answer to the question I posed before:

sjmudd at pobox.com (Simon J Mudd) writes:

...

> That is I have an Asterisk configuration which I am trying to
> migrate from and can easily configure in sip.conf:
> 
> [1000]
> username=1000
> type=friend
> secret=1234567890
> context=xxxxxx
> host=dynamic
> registersip=yes
> deny=0.0.0.0/0.0.0.0
> permit=88.100.50.0/255.255.255.0  -- this is not a real network range but you get the idea.
> nat=yes
> call-limit=1
> ...
> 
> This specifies a user for registration who:
> (1) must provide a password
> (2) can only register from the given network range
> (3) is only allowed to make 1 call at a time

I see that there are ways to implement (3) though it seems that's more on
a per gateway basis than a per extension basis. That's ok.

What really interests me is implementing (1) _and_ (2) together.  Is this
possible? If not it would certainly be a nice new feature.

Perhaps the default FreeSWITCH configuration should limit access to
the default extensions to be registered only from the networks defined
in localnet.auto.  This reduces exposure to external bad
software.

Even if I can configure this extra limitation myself manually I'd be
happy as this would basically leave me more comfortable with
FreeSWITCH running unattended. I'm not confident to do that now if I
configure any gateways due to the issues I've had before.

Simon