On Monday 13 January 2014 13:06:56 jay binks wrote:
So Im looking at a way of implementing IP Network ACL's in kamailio..
block all except specific subnets etc..
[multiple cidrs]
is there a benevolent kamailio developer on the list who is able to add this simple feature for me ?
I'm using mysql to do this, but a little math makes it work from any source. usr_preference contains stuff like 0.0.0.0/0 or something stricter, implicit denies for users without acl records.
route[ACL] { if(!avp_db_query("select value from usr_preferences where username='$au' and attribute='acl' and inet_aton(substring_index(value,'/',1))&(1 << 32) - 1 & ~((1 << (32 - substring_index(value,'/',-1))) - 1)=inet_aton('$si')&(1 << 32) - 1 & ~((1 << (32 - substring_index(value,'/',-1))) - 1)")) { sl_send_reply("403", "Not Allowed by ACL"); exit; }
return; }