[SR-Users] Kamailio Inbound proxy to Asterisk - ACL Filtering

David Villasmil david.villasmil.work at gmail.com
Mon Oct 11 00:27:01 CEST 2021


Hello, this is really an Asterisk question.
Here in Kamailio we'd recommend you do that filtering at the proxy level,
using the "permissions" module.

Regards,

David Villasmil
email: david.villasmil.work at gmail.com
phone: +34669448337


On Sun, Oct 10, 2021 at 6:52 PM Mihai Cezar <cezar at mokalife.ro> wrote:

> Hi,
>
> The last matching rule is the one used. If no rule matches, then the
> connection is permitted.
>
> Example:
> deny=0.0.0.0/0.0.0.0
> permit=1.2.3.4/32
> Deny every address except for the only one allowed.
>
> Basically the rules are processed from the first to the last.
>
> On Sat, Oct 9, 2021 at 3:26 PM Bugaian A. Vitalie <bugaian at gmail.com>
> wrote:
> >
> > Hi,
> >
> > I think it's the order you apply the ACL, first permit some, then deny any?
> >
> > Vitalie.
> >
> > On Sat, Oct 9, 2021 at 1:58 PM Mihai Cezar <cezar at mokalife.ro> wrote:
> >>
> >> Hello,
> >>
> >> I have an issue with filtering on the Asterisk side, my requests are:
> >> UsersPhones(bria) -> Kamailio -> Asterisk -> Sip Trunk Out.
> >>
> >> The goal is to manage a new layer of protection (IP filtering / Whitelisting).
> >> When I try to compile a list of Whitelisted IP in sip.conf I get this error:
> >>
> >> NOTICE[205]: acl.c:748 ast_apply_acl: SIP contact ACL: Rejecting
> >> '145.72.23.45' due to a failure to pass ACL '(BASELINE)'
> >> WARNING[205]: chan_sip.c:17061 parse_register_contact: Domain
> >> '5.12.16.2:48669' disallowed by contact ACL (violating IP
> >> 145.72.23.45)
> >> WARNING[205]: chan_sip.c:17933 register_verify: Registration denied
> >> because of contact ACL
> >>
> >> The IP 145.72.23.45 is the Kamailio proxy, and if I added it to
> >> sip.conf it works, but so does every IP afterwards.
> >>
> >> I tried with contactpermit and also with permit; the result is the same: as
> >> long as I permit the proxy IP it works. Is there something that I can
> >> do on the Asterisk side to activate this filtering, or is there
> >> something that I can do in Kamailio so it will forward the real IP?
> >>
> >> contactdeny=0.0.0.0/0.0.0.0
> >> contactpermit=145.72.23.45/32
> >> contactpermit=5.12.16.2/32
> >>
> >>
> >> Thanks in advance,
> >>
> >> __________________________________________________________
> >> Kamailio - Users Mailing List - Non Commercial Discussions
> >>   * sr-users at lists.kamailio.org
> >> Important: keep the mailing list in the recipients, do not reply only
> to the sender!
> >> Edit mailing list options or unsubscribe:
> >>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
>
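
The rule ordering discussed in this thread, as an added example that is not part of the original messages and not Asterisk's own code: a small evaluator for the "last matching rule wins, no match means permitted" behaviour described above, run over the rules quoted in the thread. The function names are hypothetical, 203.0.113.9 is a constructed address, and treating `contactpermit`/`contactdeny` the same as `permit`/`deny` is an assumption.

```python
import ipaddress

# Rules exactly as posted in the thread (sip.conf contact ACL).
POSTED = ["contactdeny=0.0.0.0/0.0.0.0",
          "contactpermit=145.72.23.45/32",
          "contactpermit=5.12.16.2/32"]
# Same rules in "permit first, then deny any" order.
PERMIT_FIRST = POSTED[1:] + POSTED[:1]


def parse_acl(lines):
    """Turn permit=/deny= (or contactpermit=/contactdeny=) lines into ordered rules."""
    rules = []
    for line in lines:
        line = line.split(";", 1)[0].strip()   # drop ';' comments
        if not line:
            continue
        key, _, net = line.partition("=")
        key = key.strip().lower()
        # Assumption: contact* rules are evaluated the same way as permit/deny.
        action = key[len("contact"):] if key.startswith("contact") else key
        if action not in ("permit", "deny"):
            raise ValueError(f"not an ACL line: {line!r}")
        # Accepts both /32 and dotted-mask forms such as 0.0.0.0/0.0.0.0.
        rules.append((action, ipaddress.ip_network(net.strip(), strict=False)))
    return rules


def acl_allows(rules, addr):
    """Last matching rule wins; an address no rule matches is permitted."""
    ip = ipaddress.ip_address(addr)
    allowed = True
    for action, net in rules:
        if ip in net:
            allowed = (action == "permit")
    return allowed


def verdicts(lines, addrs):
    """Evaluate each address against the ACL lines, in file order."""
    rules = parse_acl(lines)
    return {a: acl_allows(rules, a) for a in addrs}


if __name__ == "__main__":
    # 203.0.113.9 is a constructed address that is on neither list.
    addrs = ["145.72.23.45", "5.12.16.2", "203.0.113.9"]
    print("as posted   :", verdicts(POSTED, addrs))
    print("permit first:", verdicts(PERMIT_FIRST, addrs))
```

With the posted order only the two listed addresses pass; with the deny-all rule last, every address is rejected, including the proxy.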