[Freeswitch-users] IP Whitelist

Steven Ayre steveayre at gmail.com
Wed Jun 8 23:44:22 MSD 2011


ACLs control registrations and calls, not options requests.

You'd be best off blocking sipvicious with this iptables entry:

iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm


-Steve


On 8 June 2011 20:11, Eric Beard <eric at loopfx.com> wrote:

> It seems I misunderstand the purpose of the acl.conf.xml file.
>
> What I want to do is create an IP whitelist, so only the IPs I designate
> get a response from FreeSwitch.  I’d like to do this with FreeSwitch rather
> than a firewall.
>
> I have this in acl.conf.xml:
>
>     <list name="domains" default="deny">
>       <!-- domain= is special it scans the domain from the directory to build the ACL -->
>       <node type="allow" domain="$${domain}"/>
>       <!-- use cidr= if you wish to allow ip ranges to this domains acl. -->
>       <node type="allow" cidr="10.1.0.0/24"/>
>
>       <!-- Broadvox DID -->
>       <node type="allow" cidr="209.249.3.74/32"/>
>     </list>
>
> I was assuming that this would only allow traffic from my local network,
> 10.1.0.0, and from the single IP 209.249.3.74
>
> But while watching sip traffic, I saw an OPTIONS request from a different
> IP (sipvicious scan).  Freeswitch happily responded to the OPTIONS with an
> OK.
>
> How can I configure it so that it ignores requests that are not on my
> whitelist?
>
> Thanks!
>
> -----------------------
> *Eric Z. Beard, CTO*
> Loop LLC
> w (877) 850-2010 x9249
> m (727) 776-2768
> eric at loopfx.com
>
>
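
The whitelist asked for in the quoted message, expressed at the firewall where the reply points. This is an added example, not code from the thread or from FreeSWITCH: it prints iptables rules that accept SIP only from the CIDRs in the quoted ACL and drop everything else unanswered. The chain name SIP-WHITELIST and the udp-only default (taken from the rule in the reply) are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that whitelist SIP by source.
SIP_PORT=5060                            # port from the rule in the reply
PROTOS="udp"                             # assumption: add tcp if the profile listens on it
WHITELIST="10.1.0.0/24 209.249.3.74/32"  # CIDRs from the quoted ACL
CHAIN="SIP-WHITELIST"                    # hypothetical chain name

# valid_cidr ADDR/LEN: succeeds only for a well-formed IPv4 CIDR.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# sip_whitelist_rules CIDR...: print the ruleset; fail on any malformed CIDR.
sip_whitelist_rules() {
    # An empty list would drop all SIP traffic, so refuse to build it.
    [ $# -gt 0 ] || { echo "refusing to build an empty whitelist" >&2; return 1; }
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "bad CIDR: $cidr" >&2; return 1; }
    done
    # Fill the chain first; the jump from INPUT is added last, so there is
    # no moment where the chain is live but incomplete.
    echo "iptables -N $CHAIN"
    for cidr in "$@"; do
        echo "iptables -A $CHAIN -s $cidr -j ACCEPT"
    done
    # Any other source is dropped unanswered, OPTIONS requests included,
    # whatever User-Agent string they carry.
    echo "iptables -A $CHAIN -j DROP"
    for proto in $PROTOS; do
        echo "iptables -I INPUT -p $proto --dport $SIP_PORT -j $CHAIN"
    done
}

# Dry run: review the output, then pipe it to "sh" as root to apply.
sip_whitelist_rules $WHITELIST
```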