Hi,

I think its the order you apply the ACL, first permit some, then deny any?

Vitalie.

On Sat, Oct 9, 2021 at 1:58 PM Mihai Cezar <cezar@mokalife.ro> wrote:
Hello,

I have an issue with filtering on the asterisk side, my requests are:
UsersPhones(bria) -> Kamailio -> Asterisk -> Sip Trunk Out.

The goal is to manage a new layer of protection ( IP filtering / Whitelisting ).
When I try to compile a list of Whitelisted IP in sip.conf I get this error:

NOTICE[205]: acl.c:748 ast_apply_acl: SIP contact ACL: Rejecting
'145.72.23.45' due to a failure to pass ACL '(BASELINE)'
WARNING[205]: chan_sip.c:17061 parse_register_contact: Domain
'5.12.16.2:48669' disallowed by contact ACL (violating IP
145.72.23.45)
WARNING[205]: chan_sip.c:17933 register_verify: Registration denied
because of contact ACL

The IP 145.72.23.45, is the proxy kamailio and if I added it to
sip.conf it works, but so does every ip afterwards.

I tried with contactpermit also with permit, the result is the same as
long as I permit the proxy ip it works. Is there something that I can
do on the asterisk side to activate this filtering Or there is
something that I can do in Kamailio so it will forward the realip ?

contactdeny=0.0.0.0/0.0.0.0
contactpermit=145.72.23.45/32
contactpermit=5.12.16.2/32


Thanks in advance,

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users