[Freeswitch-users] Call a remote extension on specific domain
Tanguy
phenix at vfemail.net
Mon Sep 21 23:15:43 MSD 2015
Ok thanks, i will try your dialplan.
My actuals voip productions servers ( still running asterisk ) don't use
fail2ban but i have restrictive firewall rules to allow only a
predetermined list of IP and subnets but is not a reason to not use
fail2ban on future servers.
I also think about filtering by sip domains
-A PREROUTING -i eth+ -p tcp --dport 5060:5082 -m string --string "sip:YOUR_HOSTNAME.no-ip.com" --algo bm --icase -j NEWSIP
http://blog.ls20.com/securing-your-asterisk-voip-server-with-iptables/
nibblebil will be very useful for me, because i was looking since a long
time a lightweight software ( not like astpp or a2billing ) for
disabling a extension in case of probable fraud.
On 20/09/2015 11:26, Sergey Safarov wrote:
>
>
> On Fri, Sep 18, 2015 at 8:23 PM, Tanguy <phenix at vfemail.net
> <mailto:phenix at vfemail.net>> wrote:
>
> Hello Sergey
>
> I am agree with you that my dial plan can be risky I used ACL but
> this can be not sufficient. I want to be able to call any internal
> sip extension, but i don't want that this piece dialplan to be
> usable reach external numbers.
>
>
> For extra protection, add into dialplan
>
> <extensionname="blockCallToNonExistenDomain">
> <conditionregex="any">
> <regexfield="${sip_to_host}"expression="^[\d\.]+$"/>
> <regexfield="${domain_exists(${sip_to_host})}"expression="^false$"/>
> <actionapplication="info"/>
> <actionapplication="log"
> data="ERR Unauthorised call with uuid "${uuid}" is
> processed in context "${context}"! Source IP: ${network_addr}"/>
> <actionapplication="hangup"data="INCOMING_CALL_BARRED"/>
> </condition>
> </extension>
>
> <extensionname="checkUserExist">
> <conditionfield="${user_exists(id ${destination_number}
> ${sip_to_host})}" expression="^false$">
> <actionapplication="hangup"data="UNALLOCATED_NUMBER"/>
> </condition>
> </extension>
>
>
>
> I probably need to protect theses variables ( sip_to_user must be
> only a locally registered sip extension ) or avoid using them (
> maybe using multiple conditions field for each domain ? )
>
> "user_exists" function allow you block call to non existed destination.
> On my FS host created personal dialplan for each domain. Most of
> domain related checks related located in this dialplans.
>
>
> I don't fully understand your initial example:
>
> <action application="bridge"
> data="{sip_invite_to_uri=<sip:${destination_number}@mydomain.org
> <mailto:destination_number%7D at mydomain.org>>}user/reg_user at mydomain.org
> <mailto:reg_user at mydomain.org>"/>
>
> It is copied from
> http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html
> message
> Is is response I write via my mobile phone and cannot edit correctly.
>
> What is *reg_user* for freeswitch1?
>
> reg_user related to message
> http://lists.freeswitch.org/pipermail/freeswitch-users/2015-August/115047.html
>
> What should i use on freeswitch2 dialplan to recognize the inbound
> call ?
>
> What is I may recommend to block unauthorised calls and fraud control
> I write above. Also I can recommend configure
> 1) fail2ban
> 2) nibblebill
> 3) destination_number format checks
>
>
> Thanks
>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150921/5daba5b9/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list