Following code snippet from default kamailio.cfg never gives 403 if you smart enough to set "fromdomain" parameter on Asterisk to Kamailio's IP. How to fix it? I want password-based registration (which is OK now) and permit calls via Kamailio only from permitted IPs.
# if caller is not local subscriber, then check if it calls # a local destination, otherwise deny, not an open relay here if (from_uri!=myself && uri!=myself) { sl_send_reply("403","Not relaying"); exit; }
On Fri, Apr 19, 2019 at 09:44:14AM +0300, Yu Boot wrote:
Following code snippet from default kamailio.cfg never gives 403 if you smart enough to set "fromdomain" parameter on Asterisk to Kamailio's IP. How to fix it? I want password-based registration (which is OK now) and permit calls via Kamailio only from permitted IPs.
TIMTOWTDI but a fairly generic and easily extendable way is to use the permissions module: https://www.kamailio.org/docs/modules/stable/modules/permissions.html#permis... (or one of the variants):
if (!allow_source_address() || (from_uri!=myself && uri!=myself)) { sl_send_reply("403","Not relaying"); exit; }
Your remark regarding authentication might result in something like: if(!allow_source_address() || $au==$null) { sl_send_reply("403","Go away!"); }
On Fri, Apr 19, 2019 at 11:38:50AM +0300, Yu Boot wrote:
Added this before final "return", it still allow to call from any IP without registration. :(
if(!allow_source_address() || $au==$null) { sl_send_reply("403","Go away!"); }
This code is in no way related to registrations. If you want to check against the location database, you'll have to do this manually AFAIK. If you store locations in a database you can select where received like 'sip:$si:%' with e.g. sql_ops
-
Daniel Tryba -
Yu Boot