[Freeswitch-users] Filtering UA's IP

Ken Rice krice at freeswitch.org
Sat Sep 26 20:06:54 MSD 2015


Why can't you use a firewall? Pretty much every firewall that I know of
allows you to define not just which hosts, but which ports to filter.

 

Example lets just say 10.0.0.0/8 is a bad actor region, but you still want
to allow them to send email and visit the website.

 

You block src IP 10.0.0.0/8 to dst port 5060, 5080 etc

And allow that same block to still hit port 25 (STMP) along with 80 and 443
(http/https respectively)

 

 

 

From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Juan
Pablo L.
Sent: Saturday, September 26, 2015 1:12 AM
To: freeswitch-users at lists.freeswitch.org
Subject: [Freeswitch-users] Filtering UA's IP

 

Hi, is there any way on freeswitch to forbid registration (or any
connection) from certain regions in the world ? .. 
what i need to accomplish is to prevent people from connecting from my same
country as we have a voip service
that is supposed to be accessed only when you are out of the country so i
need to validate the UA's ip when registering.
I can not use a router or FW or any other thing in front of the freeswitch
because the same freeswitch  also serves 
other services that do not have this  restriction. This restriction only
affects users in one profile only. 
I m aware that i could capture the registrations using a lua script and i
guess from there i could consult
a GeoIP database etc etc but that affects all profiles and not only this
particular profile of this particular service
and that could be a performance hit for the service as a whole so i would
like to avoid that.

thank you!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150926/7b17ee1c/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list