[SR-Users] Permissions module question

Daniel-Constantin Mierla miconda at gmail.com
Thu Sep 15 13:06:56 CEST 2016


Hello,


On 14/09/16 09:49, Ivan Dudko wrote:
> Hello!
>
> I am new to kamailio and trying to use it vanilla config.
> Now main question is how to use ip based auth.
> I found recent post of Daniel-Constantin Mierla:
> http://lists.sip-router.org/pipermail/sr-users/2011-December/071147.html
> Here he recommends to use 'address' table from permissions module,
>
> I try yo use advice and add this lines at config begin:
> #!define WITH_MYSQL
> #!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
> #!define WITH_AUTH
> #!define WITH_IPAUTH
> #!define WITH_USRLOCDB
>
> Database is created and kamailio can access it.
> I am add user 1000 to kamailio via kamctl and successful register it
> with soft-phone.
> I create trunk without registration to kamailio on asterisk server.
> And trying to call from asterisk to user 1000. Call is successful. I
> try to create file /etc/kamailio/permissions.deny with content 'ALL :
> ALL'. And retry previous call. It still sucessful. I try to add record
> with asterisk address to 'address' table with group 1. And retry
> previous call. It still sucessful.
>
> I am confused. I do not now how to disable any address for ip_auth
> except if it in the
> 'address' table. And allow any address with if it request kamailio
> with registration.
>
forget about the /etc/kamailio/*.deny or *.allow files, they are not
related to IP matching with address table at all.

If you want to deny traffic from ip addresses stored in address table
with grp 10, then do:

if(allow_source_address("10")) {
   send_reply("403", "Forbidden");
   exit;
}

If you want to allow traffic only from ip addresses stored in address
table with grp 10, then negate the condition, do:

if( ! allow_source_address("10")) {
   send_reply("403", "Forbidden");
   exit;
}

Cheers,
Daniel

-- 
Daniel-Constantin Mierla
http://www.asipto.com - http://www.kamailio.org
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160915/8d97589e/attachment.html>


More information about the sr-users mailing list