Re: [Freeswitch-users] ACL not working
If I make any changes on the acl.conf.xml, it doesn't take any effect. Why is that? What am I doing wrong? Diego On Tue, Apr 21, 2009 at 5:29 AM, Diego Viola diego.vi...@gmail.com wrote: More info: X-PRE-PROCESS cmd=set data=internal_auth_calls=true/ !-- param name=accept-blind-reg value=true/ -- !-- param name=accept-blind-auth value=true/ -- So any ideas? On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola diego.vi...@gmail.comwrote: Hey guys, I'm currently testing FS inside a LAN. FreeSWITCH is running on 192.168.0.101 and my softphone is on 192.168.0.100. I can register and make calls just fine, but I want to deny everything in order to learn how the ACL works. I have this on the internal profile: param name=apply-nat-acl value=rfc1918/ param name=apply-inbound-acl value=domains/ param name=apply-register-acl value=domains/ And this is how my acl.conf.xml looks, it's all set to deny: configuration name=acl.conf description=Network Lists network-lists list name=dl-candidates default=deny node type=deny cidr=10.0.0.0/8/ node type=deny cidr=172.16.0.0/12/ node type=deny cidr=192.168.0.0/16/ /list list name=rfc1918 default=deny node type=deny cidr=10.0.0.0/8/ node type=deny cidr=172.16.0.0/12/ node type=deny cidr=192.168.0.0/16/ /list list name=lan default=deny node type=deny cidr=192.168.42.0/24/ node type=deny cidr=192.168.42.42/32/ /list list name=strict default=deny node type=deny cidr=208.102.123.124/32/ /list !-- This will traverse the directory adding all users with the cidr= tag to this ACL, when this ACL matches the users variables and params apply as if they digest authenticated. -- list name=domains default=deny node type=deny domain=$${domain}/ node type=deny cidr=192.168.0.0/24/ /list /network-lists /configuration But I'm still allowed to register with the 1000 user and make calls, to the conference extension, etc... I can't understand this, if it's all to deny and the cidr is set to 192.168.0.0/24 on the domains context, which is what hte profile uses, shouldn't the registration/call be denied. I have tried many conbinations but whenever I change something it wont make any difference. Please help me. Thanks, Diego ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
freeswi...@internal acl false On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola diego.vi...@gmail.com wrote: Hey guys, I'm currently testing FS inside a LAN. FreeSWITCH is running on 192.168.0.101 and my softphone is on 192.168.0.100. I can register and make calls just fine, but I want to deny everything in order to learn how the ACL works. I have this on the internal profile: param name=apply-nat-acl value=rfc1918/ param name=apply-inbound-acl value=domains/ param name=apply-register-acl value=domains/ And this is how my acl.conf.xml looks, it's all set to deny: configuration name=acl.conf description=Network Lists network-lists list name=dl-candidates default=deny node type=deny cidr=10.0.0.0/8/ node type=deny cidr=172.16.0.0/12/ node type=deny cidr=192.168.0.0/16/ /list list name=rfc1918 default=deny node type=deny cidr=10.0.0.0/8/ node type=deny cidr=172.16.0.0/12/ node type=deny cidr=192.168.0.0/16/ /list list name=lan default=deny node type=deny cidr=192.168.42.0/24/ node type=deny cidr=192.168.42.42/32/ /list list name=strict default=deny node type=deny cidr=208.102.123.124/32/ /list !-- This will traverse the directory adding all users with the cidr= tag to this ACL, when this ACL matches the users variables and params apply as if they digest authenticated. -- list name=domains default=deny node type=deny domain=$${domain}/ node type=deny cidr=192.168.0.0/24/ /list /network-lists /configuration But I'm still allowed to register with the 1000 user and make calls, to the conference extension, etc... I can't understand this, if it's all to deny and the cidr is set to 192.168.0.0/24 on the domains context, which is what hte profile uses, shouldn't the registration/call be denied. I have tried many conbinations but whenever I change something it wont make any difference. Please help me. Thanks, Diego ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Ok I just remade the config and now it's working as it should, it's not letting me register. 2009-04-21 07:06:03 [WARNING] sofia_reg.c:1283 sofia_reg_handle_sip_i_register() IP 192.168.0.100 Rejected by acl domains However, I have this: param name=apply-inbound-acl value=domains/ And this: list name=domains default=deny !-- node type=allow domain=$${domain}/-- node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ /list And I can still call the conference (3030) without being registered. Why is this? Thanks. On Tue, Apr 21, 2009 at 6:43 AM, Diego Viola diego.vi...@gmail.com wrote: freeswi...@internal acl false On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola diego.vi...@gmail.comwrote: Hey guys, I'm currently testing FS inside a LAN. FreeSWITCH is running on 192.168.0.101 and my softphone is on 192.168.0.100. I can register and make calls just fine, but I want to deny everything in order to learn how the ACL works. I have this on the internal profile: param name=apply-nat-acl value=rfc1918/ param name=apply-inbound-acl value=domains/ param name=apply-register-acl value=domains/ And this is how my acl.conf.xml looks, it's all set to deny: configuration name=acl.conf description=Network Lists network-lists list name=dl-candidates default=deny node type=deny cidr=10.0.0.0/8/ node type=deny cidr=172.16.0.0/12/ node type=deny cidr=192.168.0.0/16/ /list list name=rfc1918 default=deny node type=deny cidr=10.0.0.0/8/ node type=deny cidr=172.16.0.0/12/ node type=deny cidr=192.168.0.0/16/ /list list name=lan default=deny node type=deny cidr=192.168.42.0/24/ node type=deny cidr=192.168.42.42/32/ /list list name=strict default=deny node type=deny cidr=208.102.123.124/32/ /list !-- This will traverse the directory adding all users with the cidr= tag to this ACL, when this ACL matches the users variables and params apply as if they digest authenticated. -- list name=domains default=deny node type=deny domain=$${domain}/ node type=deny cidr=192.168.0.0/24/ /list /network-lists /configuration But I'm still allowed to register with the 1000 user and make calls, to the conference extension, etc... I can't understand this, if it's all to deny and the cidr is set to 192.168.0.0/24 on the domains context, which is what hte profile uses, shouldn't the registration/call be denied. I have tried many conbinations but whenever I change something it wont make any difference. Please help me. Thanks, Diego ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Oh it was because I had auth-calls set to true, now I turned it false and it works as I expect! Silly me, thanks everyone anyway =D Diego On Tue, Apr 21, 2009 at 7:08 AM, Diego Viola diego.vi...@gmail.com wrote: Ok I just remade the config and now it's working as it should, it's not letting me register. 2009-04-21 07:06:03 [WARNING] sofia_reg.c:1283 sofia_reg_handle_sip_i_register() IP 192.168.0.100 Rejected by acl domains However, I have this: param name=apply-inbound-acl value=domains/ And this: list name=domains default=deny !-- node type=allow domain=$${domain}/-- node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ /list And I can still call the conference (3030) without being registered. Why is this? Thanks. On Tue, Apr 21, 2009 at 6:43 AM, Diego Viola diego.vi...@gmail.comwrote: freeswi...@internal acl false On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola diego.vi...@gmail.comwrote: Hey guys, I'm currently testing FS inside a LAN. FreeSWITCH is running on 192.168.0.101 and my softphone is on 192.168.0.100. I can register and make calls just fine, but I want to deny everything in order to learn how the ACL works. I have this on the internal profile: param name=apply-nat-acl value=rfc1918/ param name=apply-inbound-acl value=domains/ param name=apply-register-acl value=domains/ And this is how my acl.conf.xml looks, it's all set to deny: configuration name=acl.conf description=Network Lists network-lists list name=dl-candidates default=deny node type=deny cidr=10.0.0.0/8/ node type=deny cidr=172.16.0.0/12/ node type=deny cidr=192.168.0.0/16/ /list list name=rfc1918 default=deny node type=deny cidr=10.0.0.0/8/ node type=deny cidr=172.16.0.0/12/ node type=deny cidr=192.168.0.0/16/ /list list name=lan default=deny node type=deny cidr=192.168.42.0/24/ node type=deny cidr=192.168.42.42/32/ /list list name=strict default=deny node type=deny cidr=208.102.123.124/32/ /list !-- This will traverse the directory adding all users with the cidr= tag to this ACL, when this ACL matches the users variables and params apply as if they digest authenticated. -- list name=domains default=deny node type=deny domain=$${domain}/ node type=deny cidr=192.168.0.0/24/ /list /network-lists /configuration But I'm still allowed to register with the 1000 user and make calls, to the conference extension, etc... I can't understand this, if it's all to deny and the cidr is set to 192.168.0.0/24 on the domains context, which is what hte profile uses, shouldn't the registration/call be denied. I have tried many conbinations but whenever I change something it wont make any difference. Please help me. Thanks, Diego ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
More info: X-PRE-PROCESS cmd=set data=internal_auth_calls=true/ !-- param name=accept-blind-reg value=true/ -- !-- param name=accept-blind-auth value=true/ -- So any ideas? On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola diego.vi...@gmail.com wrote: Hey guys, I'm currently testing FS inside a LAN. FreeSWITCH is running on 192.168.0.101 and my softphone is on 192.168.0.100. I can register and make calls just fine, but I want to deny everything in order to learn how the ACL works. I have this on the internal profile: param name=apply-nat-acl value=rfc1918/ param name=apply-inbound-acl value=domains/ param name=apply-register-acl value=domains/ And this is how my acl.conf.xml looks, it's all set to deny: configuration name=acl.conf description=Network Lists network-lists list name=dl-candidates default=deny node type=deny cidr=10.0.0.0/8/ node type=deny cidr=172.16.0.0/12/ node type=deny cidr=192.168.0.0/16/ /list list name=rfc1918 default=deny node type=deny cidr=10.0.0.0/8/ node type=deny cidr=172.16.0.0/12/ node type=deny cidr=192.168.0.0/16/ /list list name=lan default=deny node type=deny cidr=192.168.42.0/24/ node type=deny cidr=192.168.42.42/32/ /list list name=strict default=deny node type=deny cidr=208.102.123.124/32/ /list !-- This will traverse the directory adding all users with the cidr= tag to this ACL, when this ACL matches the users variables and params apply as if they digest authenticated. -- list name=domains default=deny node type=deny domain=$${domain}/ node type=deny cidr=192.168.0.0/24/ /list /network-lists /configuration But I'm still allowed to register with the 1000 user and make calls, to the conference extension, etc... I can't understand this, if it's all to deny and the cidr is set to 192.168.0.0/24 on the domains context, which is what hte profile uses, shouldn't the registration/call be denied. I have tried many conbinations but whenever I change something it wont make any difference. Please help me. Thanks, Diego ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Do you want to allow these IP ranges? /b On Apr 21, 2009, at 6:08 AM, Diego Viola wrote: node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Nope, I just wanted to allow 1 ip, 192.168.0.100. Diego On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.org wrote: Do you want to allow these IP ranges? /b On Apr 21, 2009, at 6:08 AM, Diego Viola wrote: node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
On Tue, Apr 21, 2009 at 1:15 PM, Diego Viola diego.vi...@gmail.com wrote: Nope, I just wanted to allow 1 ip, 192.168.0.100. Then why have a deny for this address? Don't you want something like this? node type=allow cidr=192.168.0.100/32/ -MC Diego On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.org wrote: Do you want to allow these IP ranges? /b On Apr 21, 2009, at 6:08 AM, Diego Viola wrote: node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
I was just trying to deny everything, and I got confused at what the default in the list made, but I got it now. So I have list name=domains default=deny and that alone denies the registration, which is what I want, but I can still make calls. And I have this: param name=apply-inbound-acl value=domains/ Shouldn't the domains which is defaulted to deny block the inbound calls? Thanks, I hope this doesn't make anyone nervous, just trying to learn :) Regards, Diego On Tue, Apr 21, 2009 at 5:34 PM, Michael Collins m...@freeswitch.org wrote: On Tue, Apr 21, 2009 at 1:15 PM, Diego Viola diego.vi...@gmail.comwrote: Nope, I just wanted to allow 1 ip, 192.168.0.100. Then why have a deny for this address? Don't you want something like this? node type=allow cidr=192.168.0.100/32/ -MC Diego On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.org wrote: Do you want to allow these IP ranges? /b On Apr 21, 2009, at 6:08 AM, Diego Viola wrote: node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
This alone should be able to block inbound calls right?: internal.xml: param name=apply-inbound-acl value=domains/ acl.conf.xml: list name=domains default=deny node type=allow domain=$${domain}/ /list vars.xml: X-PRE-PROCESS cmd=set data=internal_auth_calls=true/ On Tue, Apr 21, 2009 at 8:04 PM, Diego Viola diego.vi...@gmail.com wrote: I was just trying to deny everything, and I got confused at what the default in the list made, but I got it now. So I have list name=domains default=deny and that alone denies the registration, which is what I want, but I can still make calls. And I have this: param name=apply-inbound-acl value=domains/ Shouldn't the domains which is defaulted to deny block the inbound calls? Thanks, I hope this doesn't make anyone nervous, just trying to learn :) Regards, Diego On Tue, Apr 21, 2009 at 5:34 PM, Michael Collins m...@freeswitch.orgwrote: On Tue, Apr 21, 2009 at 1:15 PM, Diego Viola diego.vi...@gmail.comwrote: Nope, I just wanted to allow 1 ip, 192.168.0.100. Then why have a deny for this address? Don't you want something like this? node type=allow cidr=192.168.0.100/32/ -MC Diego On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.orgwrote: Do you want to allow these IP ranges? /b On Apr 21, 2009, at 6:08 AM, Diego Viola wrote: node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE: http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
If I turn internal_auth_calls to false it blocks... but why I can't do it with internal_auth_calls=true? On Tue, Apr 21, 2009 at 8:45 PM, Diego Viola diego.vi...@gmail.com wrote: This alone should be able to block inbound calls right?: internal.xml: param name=apply-inbound-acl value=domains/ acl.conf.xml: list name=domains default=deny node type=allow domain=$${domain}/ /list vars.xml: X-PRE-PROCESS cmd=set data=internal_auth_calls=true/ On Tue, Apr 21, 2009 at 8:04 PM, Diego Viola diego.vi...@gmail.comwrote: I was just trying to deny everything, and I got confused at what the default in the list made, but I got it now. So I have list name=domains default=deny and that alone denies the registration, which is what I want, but I can still make calls. And I have this: param name=apply-inbound-acl value=domains/ Shouldn't the domains which is defaulted to deny block the inbound calls? Thanks, I hope this doesn't make anyone nervous, just trying to learn :) Regards, Diego On Tue, Apr 21, 2009 at 5:34 PM, Michael Collins m...@freeswitch.orgwrote: On Tue, Apr 21, 2009 at 1:15 PM, Diego Viola diego.vi...@gmail.comwrote: Nope, I just wanted to allow 1 ip, 192.168.0.100. Then why have a deny for this address? Don't you want something like this? node type=allow cidr=192.168.0.100/32/ -MC Diego On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.orgwrote: Do you want to allow these IP ranges? /b On Apr 21, 2009, at 6:08 AM, Diego Viola wrote: node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE: http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE: http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
I'm trying to block inbound calls with internal_auth_calls=true. On Tue, Apr 21, 2009 at 8:46 PM, Diego Viola diego.vi...@gmail.com wrote: If I turn internal_auth_calls to false it blocks... but why I can't do it with internal_auth_calls=true? On Tue, Apr 21, 2009 at 8:45 PM, Diego Viola diego.vi...@gmail.comwrote: This alone should be able to block inbound calls right?: internal.xml: param name=apply-inbound-acl value=domains/ acl.conf.xml: list name=domains default=deny node type=allow domain=$${domain}/ /list vars.xml: X-PRE-PROCESS cmd=set data=internal_auth_calls=true/ On Tue, Apr 21, 2009 at 8:04 PM, Diego Viola diego.vi...@gmail.comwrote: I was just trying to deny everything, and I got confused at what the default in the list made, but I got it now. So I have list name=domains default=deny and that alone denies the registration, which is what I want, but I can still make calls. And I have this: param name=apply-inbound-acl value=domains/ Shouldn't the domains which is defaulted to deny block the inbound calls? Thanks, I hope this doesn't make anyone nervous, just trying to learn :) Regards, Diego On Tue, Apr 21, 2009 at 5:34 PM, Michael Collins m...@freeswitch.orgwrote: On Tue, Apr 21, 2009 at 1:15 PM, Diego Viola diego.vi...@gmail.comwrote: Nope, I just wanted to allow 1 ip, 192.168.0.100. Then why have a deny for this address? Don't you want something like this? node type=allow cidr=192.168.0.100/32/ -MC Diego On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.orgwrote: Do you want to allow these IP ranges? /b On Apr 21, 2009, at 6:08 AM, Diego Viola wrote: node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE: http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE: http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE: http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
I got it, thanks people :D On Tue, Apr 21, 2009 at 8:57 PM, Diego Viola diego.vi...@gmail.com wrote: I'm trying to block inbound calls with internal_auth_calls=true. On Tue, Apr 21, 2009 at 8:46 PM, Diego Viola diego.vi...@gmail.comwrote: If I turn internal_auth_calls to false it blocks... but why I can't do it with internal_auth_calls=true? On Tue, Apr 21, 2009 at 8:45 PM, Diego Viola diego.vi...@gmail.comwrote: This alone should be able to block inbound calls right?: internal.xml: param name=apply-inbound-acl value=domains/ acl.conf.xml: list name=domains default=deny node type=allow domain=$${domain}/ /list vars.xml: X-PRE-PROCESS cmd=set data=internal_auth_calls=true/ On Tue, Apr 21, 2009 at 8:04 PM, Diego Viola diego.vi...@gmail.comwrote: I was just trying to deny everything, and I got confused at what the default in the list made, but I got it now. So I have list name=domains default=deny and that alone denies the registration, which is what I want, but I can still make calls. And I have this: param name=apply-inbound-acl value=domains/ Shouldn't the domains which is defaulted to deny block the inbound calls? Thanks, I hope this doesn't make anyone nervous, just trying to learn :) Regards, Diego On Tue, Apr 21, 2009 at 5:34 PM, Michael Collins m...@freeswitch.orgwrote: On Tue, Apr 21, 2009 at 1:15 PM, Diego Viola diego.vi...@gmail.comwrote: Nope, I just wanted to allow 1 ip, 192.168.0.100. Then why have a deny for this address? Don't you want something like this? node type=allow cidr=192.168.0.100/32/ -MC Diego On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.orgwrote: Do you want to allow these IP ranges? /b On Apr 21, 2009, at 6:08 AM, Diego Viola wrote: node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE: http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE: http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE: http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Diego, I highly recommend you seek professional help... You seem to be talking to yourself A LOT! :P just kidding... good you understand it now! /b On Apr 21, 2009, at 8:44 PM, Diego Viola wrote: I got it, thanks people :D Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Thanks Brian. Couldn't have made it without your help. Regards, Diego On Tue, Apr 21, 2009 at 9:55 PM, Brian West br...@freeswitch.org wrote: Diego, I highly recommend you seek professional help... You seem to be talking to yourself A LOT! :P just kidding... good you understand it now! /b On Apr 21, 2009, at 8:44 PM, Diego Viola wrote: I got it, thanks people :D Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Diego Viola diego.vi...@gmail.com wrote: I got it, thanks people :D Could you now add it to the documentation? ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Sure. On Tue, Apr 21, 2009 at 10:37 PM, Jason White ja...@jasonjgw.net wrote: Diego Viola diego.vi...@gmail.com wrote: I got it, thanks people :D Could you now add it to the documentation? ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org