[SR-Users] Permissions module question

Ivan Dudko ivan.dudko at gmail.com
Tue Oct 11 12:57:09 CEST 2016 

Daniel,

Thank you. It works.

чт, 15 сент. 2016 г. в 15:07, Daniel-Constantin Mierla <miconda at gmail.com>:

> Hello,
>
> On 14/09/16 09:49, Ivan Dudko wrote:
>
> Hello!
>
> I am new to kamailio and trying to use it vanilla config.
> Now main question is how to use ip based auth.
> I found recent post of Daniel-Constantin Mierla:
> http://lists.sip-router.org/pipermail/sr-users/2011-December/071147.html
> Here he recommends to use 'address' table from permissions module,
>
> I try yo use advice and add this lines at config begin:
> #!define WITH_MYSQL
> #!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
> #!define WITH_AUTH
> #!define WITH_IPAUTH
> #!define WITH_USRLOCDB
>
> Database is created and kamailio can access it.
> I am add user 1000 to kamailio via kamctl and successful register it with
> soft-phone.
> I create trunk without registration to kamailio on asterisk server. And
> trying to call from asterisk to user 1000. Call is successful. I try to
> create file /etc/kamailio/permissions.deny with content 'ALL : ALL'. And
> retry previous call. It still sucessful. I try to add record with asterisk
> address to 'address' table with group 1. And retry previous call. It still
> sucessful.
>
> I am confused. I do not now how to disable any address for ip_auth except
> if it in the
> 'address' table. And allow any address with if it request kamailio with
> registration.
>
> forget about the /etc/kamailio/*.deny or *.allow files, they are not
> related to IP matching with address table at all.
>
> If you want to deny traffic from ip addresses stored in address table with
> grp 10, then do:
>
> if(allow_source_address("10")) {
>    send_reply("403", "Forbidden");
>    exit;
> }
>
> If you want to allow traffic only from ip addresses stored in address
> table with grp 10, then negate the condition, do:
>
> if( ! allow_source_address("10")) {
>    send_reply("403", "Forbidden");
>    exit;
> }
>
> Cheers,
> Daniel
>
> --
> Daniel-Constantin Mierlahttp://www.asipto.com - http://www.kamailio.orghttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20161011/3873e6fe/attachment.html>

More information about the sr-users mailing list