[SR-Users] conditional on secfilter seems does not work or how to do it

Pepelux pepeluxx at gmail.com
Wed Aug 12 16:30:10 CEST 2020


Hi there

It must work fine. I've just tested it:

kamailio.cfg
        xinfo("Checking source IP $si");
        secf_check_ip();
        xinfo("Result of sec_check_ip: $?");

kamailio.log
        Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:
<script>: Checking source IP 85.XXX.YYY.54
        Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:
<script>: Result of sec_check_ip: 2

# kamcmd secfilter.print ip
IP Address
==========
[+] Blacklisted
    -----------

[+] Whitelisted
    -----------
    0001 -> 85.XXX.YYY.54

Are you sure that the secf_check_ip() function is executed? Could you put a
log before or after to verify it?

On the other hand, 0 is not a possible return value. If the IP address is
not found, the return value will be 1:

[image: image.png]

Regards


On Tue, 11 Aug 2020 at 21:47, PICCORO McKAY Lenz <mckaygerhard at gmail.com>
wrote:

>
> I implemented secfilter in a simple way, in first step routing put that
> conditional for black list check that already works:
>
> ```
>         secf_check_ip();
>         if ($? == -2) {
>                 xlog("L_ALERT", "$rm from $si is blacklisted");
>                 drop();
>         }
> ```
>
>
>
> BUT NOW i want to change to whitelick checks, so i reviewed the docs and
> "2" is resulting for whitelist, so then i said "if not whitelisted so
> block" using "!= 2" as on
> https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators BUT SEEMS
> DOES NOT WORK: that is the code:
>
> ```
>         secf_check_ip();
>         if ($? != 2) {
>                 xlog("L_ALERT", "$rm from $si is not in whitelist, block");
>                 drop();
>         }
> ```
>
>
>
> when i tested all the calls passed not matter if are in the table or not
> as whitelist!
>
> I want able to call only if are present and whitelisted the ip address..
> so i also tested with:
>
> ```
>         secf_check_ip();
>         if ($? == 0) {
>                 xlog("L_ALERT", "$rm from $si is not present, so block");
>                 drop();
>         }
> ```
>
>
>
> to check if the ip address are presented in the table but call also passed
> and must not cos i not put never a entry in the table!
>
>
> Lenz McKAY Gerardo (PICCORO)
> http://qgqlochekone.blogspot.com
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200812/226aab8c/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 26406 bytes
Desc: not available
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200812/226aab8c/attachment.png>


More information about the sr-users mailing list