[Freeswitch-users] Is there a way to update mod_event_socket with a new apply-inbound-acl list without restarting freeswitch?

Steven Szeto steven.szeto at mitel.com
Fri Nov 20 23:34:41 MSK 2015


Thanks, Anthony. Your comments were very helpful.

Just to close off on this thread, here are the steps we used during testing:

How to make an app connect to a remote freeswitch:


1- In event_socket.conf.xml:

   Set the listen-ip attribute to 0.0.0.0:  <param name="listen-ip" value="0.0.0.0"/>

   Add <param name="apply-inbound-acl" value="AllowedIP"/>

2- In acl.conf.xml add the following (where xx.xx.xx.xx is the IP address where the app resides):

        <list name="AllowedIP" default="deny">
                <node type="allow" cidr="xx.xx.xx.xx/32"/>
        </list>


From: freeswitch-users-bounces at lists.freeswitch.org On Behalf Of Anthony Minessale
Sent: Thursday, November 19, 2015 5:12 PM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] Is there a way to update mod_event_socket with a new apply-inbound-acl list without restarting freeswitch?

If you don't reuse the name localnet.auto and make your own list name in acl.conf, it will update when you do reloadacl. The only thing the mod is storing is the name and it looks it up every time. .auto lists are generated by the core once.

Never manually modify any .auto list name.



On Thursday, November 19, 2015, Sergey Safarov <s.safarov at gmail.com> wrote:
Execute "reload mod_event_socket" from console.
Console will be disconnected, but FS is still ruined.
Then simply reconnect to FS.

On Thu, Nov 19, 2015 at 11:49 PM, Steven Szeto <steven.szeto at mitel.com> wrote:
Hi,

Suppose a freeswitch configuration has the following defined in event_socket.conf.xml:

<configuration name="event_socket.conf" description="Socket Client">
  <settings>
    <param name="nat-map" value="false"/>
    <param name="listen-ip" value="0.0.0.0"/>
    <param name="listen-port" value="8021"/>
    <param name="password" value="ClueCon"/>
    <!--<param name="stop-on-bind-error" value="true"/>-->

    <param name="apply-inbound-acl" value="localnet.auto"/>
    <list name="localnet.auto" default="allow">
      <node type="allow" cidr="10.47.26.28/32"/>
    </list>
  </settings>
</configuration>

The above configuration will allow a remote PC with an IP address of 10.47.26.28 to issue commands to freeswitch (e.g. bgapi).

Now, suppose we wanted to update the apply-inbound-acl list like this:

    <param name="apply-inbound-acl" value="localnet.auto"/>
    <list name="localnet.auto" default="allow">
      <node type="allow" cidr="10.47.26.28/32"/>
      <node type="allow" cidr="10.47.26.44/32"/>
    </list>

The list has been updated to allow a remote PC with an IP address of 10.47.26.44 to connect to freeswitch.

The only way to get this to work is to restart freeswitch. We were wondering if there is another way that would not require a stop & start of freeswitch.

The following has already been tried:


- Moved the apply-inbound-acl to acl.conf.xml. Invoked the “reloadxml” and “reloadacl” commands.

Thanks,
Steve
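
An added example, not part of the thread or of FreeSWITCH: a small Python check that reads the two configuration files and flags the layouts this thread warns about (a list nested in event_socket.conf.xml, a hand-written list under a .auto name, a referenced list missing from acl.conf.xml, a list whose default is not deny). The function name, finding codes and sample XML are constructed for illustration; 192.0.2.10 stands in for the xx.xx.xx.xx placeholder.

```python
import xml.etree.ElementTree as ET

# Constructed sample: layout from the original question (list nested in
# event_socket.conf.xml under a reused ".auto" name).
QUESTION_ESL = """<configuration name="event_socket.conf"><settings>
  <param name="listen-ip" value="0.0.0.0"/>
  <param name="apply-inbound-acl" value="localnet.auto"/>
  <list name="localnet.auto" default="allow">
    <node type="allow" cidr="10.47.26.28/32"/>
  </list>
</settings></configuration>"""
# Constructed sample: layout from the closing message (own list name, in acl.conf.xml).
FIXED_ESL = """<configuration name="event_socket.conf"><settings>
  <param name="listen-ip" value="0.0.0.0"/>
  <param name="apply-inbound-acl" value="AllowedIP"/>
</settings></configuration>"""
FIXED_ACL = """<configuration name="acl.conf"><network-lists>
  <list name="AllowedIP" default="deny">
    <node type="allow" cidr="192.0.2.10/32"/>
  </list>
</network-lists></configuration>"""
EMPTY_ACL = '<configuration name="acl.conf"><network-lists/></configuration>'


def audit_esl_acl(esl_xml, acl_xml):
    """Return finding codes for the event socket ACL setup (hypothetical helper)."""
    esl, acl = ET.fromstring(esl_xml), ET.fromstring(acl_xml)
    params = {p.get("name"): p.get("value") for p in esl.iter("param")}
    lists = {e.get("name", ""): e for e in acl.iter("list")}
    findings = []
    nested = [e.get("name", "") for e in esl.iter("list")]
    if nested:  # lists belong in acl.conf.xml, where reloadacl picks them up
        findings.append("list-in-event-socket-conf")
    if any(n.endswith(".auto") for n in nested + list(lists)):
        findings.append("redefines-auto-list")  # .auto names are core-generated
    name = params.get("apply-inbound-acl")
    if name is None or name.endswith(".auto"):
        return findings  # no user-defined list to resolve
    if name not in lists:
        findings.append("acl-not-in-acl-conf")
    elif lists[name].get("default") != "deny":
        # allow nodes in a default-allow list restrict nothing
        findings.append("acl-default-not-deny")
    return findings


if __name__ == "__main__":
    print(audit_esl_acl(QUESTION_ESL, EMPTY_ACL))
    print(audit_esl_acl(FIXED_ESL, FIXED_ACL))
```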


