Hi Ionel,
I agree with James, you should not be editing the adaptive ban script, there
are several problems that will cause.
Maybe as a group we can simplify James's solution so it can be more generically
included into an existing dialplan. Note James's code only works for Asterisk
1.4, so we need both 1.4/1.8 with one commented out. We can add the final
community tested version to the WiKi.
Off the top of my head, a *untested* macro could look like...
Note: By using the "Dialplan Noted Suspicious IP Address" Log() the normal
Adaptive ban count will be required for an actual IP ban. So a couple
mis-dials won't create a ban.
[macro-ban-caller]
exten => s,1,Ringing
exten => s,n,Wait(1.1)
exten => s,n,Answer
;
; Comment / Uncomment for your Asterisk version
; For Asterisk 1.4
;exten => s,n,Set(BANIP=${SIPCHANINFO(recvip)})
;exten => s,n,Log(NOTICE,\'${BANIP}\' - Dialplan Noted Suspicious IP Address)
;
; For Asterisk 1.6/1.8
exten => s,n,Set(BANIP=${CHANNEL(recvip)})
exten => s,n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
;
; Optional - Uncomment to record Suspicious IP Address
;exten => s,n,System(echo ${BANIP} >> /mnt/kd/suspicious-ip-list)
;
exten => s,n,Playback(silence/1)
exten => s,n,Zapateller ; send "Special Information Tone" (SIT)
exten => s,n,Playback(silence/1)
exten => s,n,Zapateller ; send "Special Information Tone" (SIT)
exten => s,n,Wait(0.5)
exten => s,n,Playback(ss-noservice)
exten => s,n,Wait(1)
exten => s,n,Hangup
Then call as a catch-all for an invalid incoming extension via the default
context in sip.conf:
exten => _X.,1,Macro(macro-ban-caller)
or maybe
exten => i,1,Macro(macro-ban-caller)
Join the Fun! :-)
Lonnie
PS: When banning IP's from the dialplan, I'd strongly suggest using the
following syntax rather than calling "iptables" from the dialplan.
--
; For Asterisk 1.4
exten => s,n,Set(BANIP=${SIPCHANINFO(recvip)})
exten => s,n,Log(NOTICE,\'${BANIP}\' - Dialplan Noted Suspicious IP Address)
; For Asterisk 1.6/1.8
exten => s,n,Set(BANIP=${CHANNEL(recvip)})
exten => s,n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
--
We added "Dialplan Noted Suspicious IP Address" support to the Adaptive Ban
plugin over a year ago. Make sure you test it.
For Reference: James's dialplan code:
--
; Don't accept any calls not identified above
exten => _X.,1,Gosub(store-cid,s,1)
exten => _X.,n,Set(CDR(userfield)=${EXTEN})
exten => _X.,n,Notify(${CALLERID(num)}|${CALLERID(name)}|${EXTEN}0/172.20.0.100)
exten => _X.,n,Wait(1)
exten => _X.,n,Answer()
exten => _X.,n,Set(BANIP=${SIPCHANINFO(recvip)})
exten => _X.,n,NoOp(IP is ${BANIP})
exten => _X.,n,System(echo ${BANIP} >> /mnt/kd/banlist)
exten => _X.,n,System(iptables -A ADAPTIVE_BAN_CHAIN -p udp -s ${BANIP} -j
ADAPTIVE_BAN_DROP_CHAIN)
exten => _X.,n,Zapateller()
exten => _X.,n,Playback(the-number-u-dialed)
exten => _X.,n,SayDigits(${EXTEN})
exten => _X.,n,Playback(has-been-disconnected&or&no-longer-in-service)
exten => _X.,n,Playback(check-number-dial-again)
exten => _X.,n,Congestion(5)
exten => _X.,n,Hangup()
--
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
