[SR-Users] conditional on secfilter seems does not work or how to do it

PICCORO McKAY Lenz mckaygerhard at gmail.com
Thu Aug 13 02:47:31 CEST 2020


El mié., 12 de ago. de 2020 a la(s) 10:30, Pepelux (pepeluxx at gmail.com)
escribió:

> Hi there
>
> It must work fine. I've just tested it:
>

no! i found the problem.. i forgot to say that we updated the table
dynamically and later noted in the documentation this:
there's no sense in having a table if we cannot load and use data in
real-time!

-> "All data will be loaded into memory when the module is started. There
is an RPC reload command to update all the data from database."

https://www.kamailio.org/docs/modules/devel/modules/secfilter.html#idm19 so
stupid.. htable logic is better, cos runs dynamically..

puff this module are so inflexible!


> kamailio.cfg
>         xinfo("Checking source IP $si");
>         secf_check_ip();
>         xinfo("Result of sec_check_ip: $?");
>
> kamailio.log
>         Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:
> <script>: Checking source IP 85.XXX.YYY.54
>         Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:
> <script>: Result of sec_check_ip: 2
>
> # kamcmd secfilter.print ip
> IP Address
> ==========
> [+] Blacklisted
>     -----------
>
> [+] Whitelisted
>     -----------
>     0001 -> 85.XXX.YYY.54
>
> Are you sure that the secf_check_ip() function is executed? Could you put
> a log before or after to verify it?
>
> On the other hand, 0 is not a possible return value. If the IP address is
> not found, the return value will be 1:
>
> [image: image.png]
>
> Regards
>
>
> On Tue, 11 Aug 2020 at 21:47, PICCORO McKAY Lenz <mckaygerhard at gmail.com>
> wrote:
>
>>
>> I implemented secfilter in a simple way, in first step routing put that
>> conditional for black list check that already works:
>>
>> ```
>>         secf_check_ip();
>>         if ($? == -2) {
>>                 xlog("L_ALERT", "$rm from $si is blacklisted");
>>                 drop();
>>         }
>> ```
>>
>>
>>
>> BUT NOW i want to change to whitelick checks, so i reviewed the docs and
>> "2" is resulting for whitelist, so then i said "if not whitelisted so
>> block" using "!= 2" as on
>> https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators BUT SEEMS
>> DOES NOT WORK: that is the code:
>>
>> ```
>>         secf_check_ip();
>>         if ($? != 2) {
>>                 xlog("L_ALERT", "$rm from $si is not in whitelist, block");
>>                 drop();
>>         }
>> ```
>>
>>
>>
>> when i tested all the calls passed not matter if are in the table or not
>> as whitelist!
>>
>> I want able to call only if are present and whitelisted the ip address..
>> so i also tested with:
>>
>> ```
>>         secf_check_ip();
>>         if ($? == 0) {
>>                 xlog("L_ALERT", "$rm from $si is not present, so block");
>>                 drop();
>>         }
>> ```
>>
>>
>>
>> to check if the ip address are presented in the table but call also
>> passed and must not cos i not put never a entry in the table!
>>
>>
>> Lenz McKAY Gerardo (PICCORO)
>> http://qgqlochekone.blogspot.com
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200812/12e50182/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 26406 bytes
Desc: not available
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200812/12e50182/attachment.png>


More information about the sr-users mailing list