[Serusers] Implementing a black list.

Evan Borgström evan.borgstrom at ca.mci.com
Wed Jul 12 16:16:06 CEST 2006

	To get the fm style matching you need to apply the attached patch
before building the avpops module (it also adds the ability to check
dst_ip, an unrelated but useful addition). Then in your usr_preferences
table add a new item like so:

INSERT INTO usr_preferences (uuid, attribute, value)  VALUES
('prefix_list', 'deny', '00355*');

	Next add the following modparam to the avpops module:

modparam("avpops", "avp_aliases", "plval=i:100;plfm=i:101")

	If you already have other aliases simply append these new ones to your
existing list, finally when you want to check if you should block the
call do the following:

if (avp_db_load("prefix_list", "s:deny")) {
	avp_write("$ruri/username", "$plval");
	avp_copy("s:deny", "$plfm");
	if (avp_check("$plval", "fm/$plfm/g")) {
		sl_send_reply("488", "Call Denied By Prefix List");

	Writing $ruri/username & copying s:deny into aliases is the trick here
and what took me the most time digging through the avp_check code to
figure out. Once they're copied into aliases avp_check gladly checks
them where as it spits out errors if you try to use either of the values


Robert Zorop wrote:
> Hi, please can someone post how the avp module could help with this?.
> Christian, i think your idea works as well, but my problem is how to get
> diferent destinations blocked depending on the user, or IP the call is
> from.
> 2006/7/11, Greger V. Teigre <greger at teigre.com>:
>>  Please note that current ser 0.9.x does not have the fm style matching.
>> This was a small mod that was done to openser 0.9.4 (was it?) right
>> before
>> releasing (and that was never commited to ser).
>> However, the ser 0.9.x avpops module can be replaced with the openser
>> 0.9.4 avpops version.
>> g-)
>> Evan Borgström wrote:
>>     You can do it with the avpops module and a little crafty-ness. I did
>> something similar using this general logic.
>>     Store patterns in the database that will satisfy the fm style
>> matching
>> of the avpops module (ie. "sip:00355*"), then load them with avp_db_load
>> and then run over it with avp_check on $ruri/username using the fm
>> operator and the g flag to check them all. If the avp_check succeeds
>> then you block the call, if not let the call through.
>> -Evan
>> Robert Zorop wrote:
>>  Hi, thanks for the response. The problem i have is a lot of this
>> destinations to block. Does someone knows a scalable method to do it? . I
>> think that writing a hundred of this entry should be slow at lookup
>> time?..
>> 2006/7/10, CM0002 at aol.com <CM0002 at aol.com> <CM0002 at aol.com>:
>>   try this:
>>         # block expensive area codes
>>         if (uri=~"^sip:00355[0-9].*@.*" <%5Esip:00355%5B0-9%5D.*@.*> |
>>         uri=~"^sip:00358830[0-9].*@.*" <%5Esip:00358830%5B0-9%5D.*@.*> |
>>         uri=~"^sip:001670.*@.*" <%5Esip:001670.*@.*> |
>>         uri=~"^sip:001671.*@.*" <%5Esip:001671.*@.*> |
>>         uri=~"^sip:00247[0-9].*@.*" <%5Esip:00247%5B0-9%5D.*@.*>
>>                ) {
>>                        sl_send_reply("409", "Country not in plan");
>>                        break;
>>                 };
>> regards Christian
>>  ------------------------------------------------------------------------
>> _______________________________________________
>> Serusers mailing list
>> Serusers at lists.iptel.orghttp://lists.iptel.org/mailman/listinfo/serusers
>>  _______________________________________________
>> Serusers mailing list
>> Serusers at lists.iptel.orghttp://lists.iptel.org/mailman/listinfo/serusers
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ser-mci-0.9.6-avpops_CVSHEAD.patch
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060712/e075365c/attachment.asc>

More information about the sr-users mailing list