While I could to this as you said, my DB Server does not have inet_aton ...

( Im using db_cassandra )

My DB simply returns a single string with a list of comma separated values.

I then used s.select and while to achieve what I wanted.

$var(i) = 0;

while ( $(avp(i:2){s.select,$var(i),,}) != '' ) {

if (is_in_subnet( $si , $(avp(i:2){s.select,$var(i),,}) )) {

<< DO SOMETHING >>

break;

};

$var(i) = $var(i) + 1;

}

sorry for any confusion....

avp(i:2) looks like 192.168.1.0/24,172.16.1.0/24

this should be fine for now, but how good would it be if ipops module could handle this in a single function call ?

On 14 January 2014 20:17, Daniel Tryba <daniel@pocos.nl> wrote:

On Monday 13 January 2014 13:06:56 jay binks wrote:
> So Im looking at a way of implementing IP Network ACL's in kamailio..
>
> block all except specific subnets etc..
>

[multiple cidrs]

>
> is there a benevolent kamailio developer on the list who is able to add
> this simple feature for me ?

I'm using mysql to do this, but a little math makes it work from any source.
usr_preference contains stuff like 0.0.0.0/0 or something stricter, implicit
denies for users without acl records.

route[ACL]
{
if(!avp_db_query("select value from usr_preferences where
username='$au' and attribute='acl' and
inet_aton(substring_index(value,'/',1))&(1 << 32) - 1 & ~((1 << (32 -
substring_index(value,'/',-1))) - 1)=inet_aton('$si')&(1 << 32) - 1 & ~((1 <<
(32 - substring_index(value,'/',-1))) - 1)"))
{
sl_send_reply("403", "Not Allowed by ACL");
exit;
}

return;
}

--

POCOS B.V. - Croy 9c - 5653 LC Eindhoven
Telefoon: 040 293 8661 - Fax: 040 293 8658
http://www.pocos.nl/ - http://www.sipo.nl/
K.v.K. Eindhoven 17097024

--
Sincerely

Jay