[SR-Users] conditional on secfilter seems does not work or how to do it
PICCORO McKAY Lenz
mckaygerhard at gmail.com
Thu Aug 13 02:47:31 CEST 2020
El mié., 12 de ago. de 2020 a la(s) 10:30, Pepelux (pepeluxx at gmail.com)
escribió:
> Hi there
>
> It must work fine. I've just tested it:
>
no! i found the problem.. i forgot to say that we updated the table
dynamically and later noted in the documentation this:
there's no sense in having a table if we cannot load and use data in
real-time!
-> "All data will be loaded into memory when the module is started. There
is an RPC reload command to update all the data from database."
https://www.kamailio.org/docs/modules/devel/modules/secfilter.html#idm19 so
stupid.. htable logic is better, cos runs dynamically..
puff this module are so inflexible!
> kamailio.cfg
> xinfo("Checking source IP $si");
> secf_check_ip();
> xinfo("Result of sec_check_ip: $?");
>
> kamailio.log
> Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:
> <script>: Checking source IP 85.XXX.YYY.54
> Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:
> <script>: Result of sec_check_ip: 2
>
> # kamcmd secfilter.print ip
> IP Address
> ==========
> [+] Blacklisted
> -----------
>
> [+] Whitelisted
> -----------
> 0001 -> 85.XXX.YYY.54
>
> Are you sure that the secf_check_ip() function is executed? Could you put
> a log before or after to verify it?
>
> On the other hand, 0 is not a possible return value. If the IP address is
> not found, the return value will be 1:
>
> [image: image.png]
>
> Regards
>
>
> On Tue, 11 Aug 2020 at 21:47, PICCORO McKAY Lenz <mckaygerhard at gmail.com>
> wrote:
>
>>
>> I implemented secfilter in a simple way, in first step routing put that
>> conditional for black list check that already works:
>>
>> ```
>> secf_check_ip();
>> if ($? == -2) {
>> xlog("L_ALERT", "$rm from $si is blacklisted");
>> drop();
>> }
>> ```
>>
>>
>>
>> BUT NOW i want to change to whitelick checks, so i reviewed the docs and
>> "2" is resulting for whitelist, so then i said "if not whitelisted so
>> block" using "!= 2" as on
>> https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators BUT SEEMS
>> DOES NOT WORK: that is the code:
>>
>> ```
>> secf_check_ip();
>> if ($? != 2) {
>> xlog("L_ALERT", "$rm from $si is not in whitelist, block");
>> drop();
>> }
>> ```
>>
>>
>>
>> when i tested all the calls passed not matter if are in the table or not
>> as whitelist!
>>
>> I want able to call only if are present and whitelisted the ip address..
>> so i also tested with:
>>
>> ```
>> secf_check_ip();
>> if ($? == 0) {
>> xlog("L_ALERT", "$rm from $si is not present, so block");
>> drop();
>> }
>> ```
>>
>>
>>
>> to check if the ip address are presented in the table but call also
>> passed and must not cos i not put never a entry in the table!
>>
>>
>> Lenz McKAY Gerardo (PICCORO)
>> http://qgqlochekone.blogspot.com
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200812/12e50182/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 26406 bytes
Desc: not available
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200812/12e50182/attachment.png>
More information about the sr-users
mailing list