[Freeswitch-users] ACL question

Seven Du dujinfang at gmail.com
Sun Jul 28 18:28:54 MSD 2013


I know ACL is to block or allow an IP to reg or call. But in practise, if an IP is allowed then it won't check the User directory again so cannot match to the user info stored in the user directory and dialplan route to the public context.

      <node type="allow" cidr=""/>

2013-07-28 22:11:04.647358 [DEBUG] sofia.c:7915 IP Approved by acl "domains[]". Access Granted.

If I set the cidr attribute in the user directory, but it seems been parsed to the ACL so it also allows any other users to reg or call from that url. Below is a log that shows Access Granted when I actually set the cidr to 1000 but calling with 1001. FS doesn't challenge 1001.

2013-07-28 22:07:14.347320 [DEBUG] sofia.c:7915 IP Approved by acl "domains[1000 at (mailto:1000 at]". Access Granted.
2013-07-28 22:07:14.347320 [DEBUG] sofia.c:8045 Authenticating user 1000 at (mailto:1000 at

Is it a problem?

Is it possible to check the ip *and* the user? e.g. user 1000 can only reg from ip IP with password 1234.


Seven Du

Sent with Sparrow (http://www.sparrowmailapp.com/?sig)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130728/589cb17e/attachment.html 

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list