<div dir="ltr"><div dir="ltr">Hi there<div><br></div><div>It must work fine. I've just tested it:</div><div><br></div><div>kamailio.cfg</div><div> xinfo("Checking source IP $si");<br> secf_check_ip();<br> xinfo("Result of sec_check_ip: $?");<br></div><div><br></div><div>kamailio.log</div><div> Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO: <script>: Checking source IP 85.XXX.YYY.54<br> Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO: <script>: Result of sec_check_ip: 2<br></div><div><br></div><div># kamcmd secfilter.print ip<br>IP Address<br>==========<br>[+] Blacklisted<br> -----------<br><br></div><div>[+] Whitelisted<br> -----------<br> 0001 -> 85.XXX.YYY.54<br></div><div><br></div><div>Are you sure that the secf_check_ip() function is executed? Could you put a log before or after to verify it?</div><div><br></div><div>On the other hand, 0 is not a possible return value. If the IP address is not found, the return value will be 1:<br></div><div><br></div><div><div><img src="cid:ii_kdrgvz8z0" alt="image.png" width="503" height="223"><br></div></div><div><br></div><div>Regards</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 11 Aug 2020 at 21:47, PICCORO McKAY Lenz <<a href="mailto:mckaygerhard@gmail.com">mckaygerhard@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div>I implemented secfilter in a simple way, in first step routing put that conditional for black list check that already works:</div><div><br style="box-sizing:border-box;color:rgb(68,68,68);font-family:-apple-system,BlinkMacSystemFont,Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI","Segoe UI Emoji","Segoe UI Symbol","Meiryo UI";font-size:14px;background-color:rgba(0,0,0,0.05)"><pre style="box-sizing:border-box;margin-top:0px;margin-bottom:0px;padding:0px;vertical-align:baseline;border:0px solid;font-size:11.375px;display:inline-block;width:700px;color:rgb(68,68,68);background-color:rgba(0,0,0,0.05)"><code style="box-sizing:border-box;margin:5px 0px;padding:0.5em;vertical-align:middle;border:1px solid rgb(204,204,204);font-size:13px;display:block;overflow:auto hidden;color:rgb(51,51,51);background:rgb(248,248,248);white-space:pre-wrap;border-radius:4px;font-family:Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;font-weight:600;direction:ltr;unicode-bidi:embed"><span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid;font-size:0px;display:inline-block;float:left;width:0px;height:0px">```<br style="box-sizing:border-box"></span> <span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">secf_check_ip</span>();
<span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">if</span> ($? == -<span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid;color:rgb(0,128,128)">2</span>) {
<span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">xlog</span>(<span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid;color:rgb(221,17,68)">"L_ALERT"</span>, <span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid;color:rgb(221,17,68)">"$rm from $si is blacklisted"</span>);
<span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">drop</span>();
}
<span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid;font-size:0px;display:inline-block;float:left;width:0px;height:0px"><br style="box-sizing:border-box">```</span></code></pre><br style="box-sizing:border-box;color:rgb(68,68,68);font-family:-apple-system,BlinkMacSystemFont,Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI","Segoe UI Emoji","Segoe UI Symbol","Meiryo UI";font-size:14px;background-color:rgba(0,0,0,0.05)"><br>BUT NOW i want to change to whitelick checks, so i reviewed the docs and "2" is resulting for whitelist, so then i said "if not whitelisted so block" using "!= 2" as on <a href="https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators" target="_blank">https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators</a> BUT SEEMS DOES NOT WORK: that is the code:<br style="box-sizing:border-box;color:rgb(68,68,68);font-family:-apple-system,BlinkMacSystemFont,Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI","Segoe UI Emoji","Segoe UI Symbol","Meiryo UI";font-size:14px;background-color:rgba(0,0,0,0.05)"><pre style="box-sizing:border-box;margin-top:0px;margin-bottom:0px;padding:0px;vertical-align:baseline;border:0px solid;font-size:11.375px;display:inline-block;width:700px;color:rgb(68,68,68);background-color:rgba(0,0,0,0.05)"><code style="box-sizing:border-box;margin:5px 0px;padding:0.5em;vertical-align:middle;border:1px solid rgb(204,204,204);font-size:13px;display:block;overflow:auto hidden;color:rgb(51,51,51);background:rgb(248,248,248);white-space:pre-wrap;border-radius:4px;font-family:Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;font-weight:600;direction:ltr;unicode-bidi:embed"><span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid;font-size:0px;display:inline-block;float:left;width:0px;height:0px">```<br style="box-sizing:border-box"></span> <span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">secf_check_ip</span>();
<span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">if</span> ($? != <span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid;color:rgb(0,128,128)">2</span>) {
<span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">xlog</span>(<span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid;color:rgb(221,17,68)">"L_ALERT"</span>, <span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid;color:rgb(221,17,68)">"$rm from $si is not in whitelist, block"</span>);
<span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">drop</span>();
}
<span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid;font-size:0px;display:inline-block;float:left;width:0px;height:0px"><br style="box-sizing:border-box">```</span></code></pre><br style="box-sizing:border-box;color:rgb(68,68,68);font-family:-apple-system,BlinkMacSystemFont,Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI","Segoe UI Emoji","Segoe UI Symbol","Meiryo UI";font-size:14px;background-color:rgba(0,0,0,0.05)"><br></div><div>when i tested all the calls passed not matter if are in the table or not as whitelist!</div><div><br></div><div>I want able to call only if are present and whitelisted the ip address.. so i also tested with:</div><div><div><pre style="box-sizing:border-box;margin-top:0px;margin-bottom:0px;padding:0px;vertical-align:baseline;border:0px solid;font-size:11.375px;display:inline-block;width:700px;background-color:rgba(0,0,0,0.05)"><code style="box-sizing:border-box;margin:5px 0px;padding:0.5em;vertical-align:middle;border:1px solid rgb(204,204,204);font-size:13px;display:block;overflow:auto hidden;background:rgb(248,248,248);white-space:pre-wrap;border-radius:4px;font-family:Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;font-weight:600;direction:ltr;unicode-bidi:embed"><span style="color:rgb(51,51,51)"><span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid;font-size:0px;display:inline-block;float:left;width:0px;height:0px">```<br style="box-sizing:border-box"></span> <span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">secf_check_ip</span>();
<span style="box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">if</span> ($? == </span><font color="#008080">0</font><font color="#333333">) {
</font><span style="color:rgb(51,51,51);box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">xlog</span><font color="#333333">(</font><span style="color:rgb(221,17,68);box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">"L_ALERT"</span><font color="#333333">, </font><span style="color:rgb(221,17,68);box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">"$rm from $si is not present, so block"</span><font color="#333333">);
</font><span style="color:rgb(51,51,51);box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid">drop</span><font color="#333333">();
}
</font><span style="color:rgb(51,51,51);box-sizing:border-box;margin:0px;padding:0px;vertical-align:baseline;border:0px solid;font-size:0px;display:inline-block;float:left;width:0px;height:0px"><br style="box-sizing:border-box">```</span></code></pre><br style="box-sizing:border-box;color:rgb(68,68,68);font-family:-apple-system,BlinkMacSystemFont,Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI","Segoe UI Emoji","Segoe UI Symbol","Meiryo UI";font-size:14px;background-color:rgba(0,0,0,0.05)"><br></div><div>to check if the ip address are presented in the table but call also passed and must not cos i not put never a entry in the table!</div><div></div></div><div><br></div><br clear="all"><div><div dir="ltr"><font color="#888888">Lenz McKAY Gerardo (PICCORO)</font><div><font color="#888888"><a href="http://qgqlochekone.blogspot.com" target="_blank">http://qgqlochekone.blogspot.com</a></font></div></div></div></div>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div></div>