Re: [Freeswitch-users] ACL not working
If I make any changes on the acl.conf.xml, it doesn't take any effect.
Why is that? What am I doing wrong?
Diego
On Tue, Apr 21, 2009 at 5:29 AM, Diego Viola diego.vi...@gmail.com wrote:
More info:
X-PRE-PROCESS cmd=set data=internal_auth_calls=true/
!-- param name=accept-blind-reg value=true/ --
!-- param name=accept-blind-auth value=true/ --
So any ideas?
On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola diego.vi...@gmail.comwrote:
Hey guys,
I'm currently testing FS inside a LAN. FreeSWITCH is running on
192.168.0.101 and my softphone is on 192.168.0.100.
I can register and make calls just fine, but I want to deny everything in
order to learn how the ACL works.
I have this on the internal profile:
param name=apply-nat-acl value=rfc1918/
param name=apply-inbound-acl value=domains/
param name=apply-register-acl value=domains/
And this is how my acl.conf.xml looks, it's all set to deny:
configuration name=acl.conf description=Network Lists
network-lists
list name=dl-candidates default=deny
node type=deny cidr=10.0.0.0/8/
node type=deny cidr=172.16.0.0/12/
node type=deny cidr=192.168.0.0/16/
/list
list name=rfc1918 default=deny
node type=deny cidr=10.0.0.0/8/
node type=deny cidr=172.16.0.0/12/
node type=deny cidr=192.168.0.0/16/
/list
list name=lan default=deny
node type=deny cidr=192.168.42.0/24/
node type=deny cidr=192.168.42.42/32/
/list
list name=strict default=deny
node type=deny cidr=208.102.123.124/32/
/list
!--
This will traverse the directory adding all users
with the cidr= tag to this ACL, when this ACL matches
the users variables and params apply as if they
digest authenticated.
--
list name=domains default=deny
node type=deny domain=$${domain}/
node type=deny cidr=192.168.0.0/24/
/list
/network-lists
/configuration
But I'm still allowed to register with the 1000 user and make calls, to
the conference extension, etc... I can't understand this, if it's all to
deny and the cidr is set to 192.168.0.0/24 on the domains context,
which is what hte profile uses, shouldn't the registration/call be denied. I
have tried many conbinations but whenever I change something it wont make
any difference.
Please help me.
Thanks,
Diego
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
freeswi...@internal acl
false
On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola diego.vi...@gmail.com wrote:
Hey guys,
I'm currently testing FS inside a LAN. FreeSWITCH is running on
192.168.0.101 and my softphone is on 192.168.0.100.
I can register and make calls just fine, but I want to deny everything in
order to learn how the ACL works.
I have this on the internal profile:
param name=apply-nat-acl value=rfc1918/
param name=apply-inbound-acl value=domains/
param name=apply-register-acl value=domains/
And this is how my acl.conf.xml looks, it's all set to deny:
configuration name=acl.conf description=Network Lists
network-lists
list name=dl-candidates default=deny
node type=deny cidr=10.0.0.0/8/
node type=deny cidr=172.16.0.0/12/
node type=deny cidr=192.168.0.0/16/
/list
list name=rfc1918 default=deny
node type=deny cidr=10.0.0.0/8/
node type=deny cidr=172.16.0.0/12/
node type=deny cidr=192.168.0.0/16/
/list
list name=lan default=deny
node type=deny cidr=192.168.42.0/24/
node type=deny cidr=192.168.42.42/32/
/list
list name=strict default=deny
node type=deny cidr=208.102.123.124/32/
/list
!--
This will traverse the directory adding all users
with the cidr= tag to this ACL, when this ACL matches
the users variables and params apply as if they
digest authenticated.
--
list name=domains default=deny
node type=deny domain=$${domain}/
node type=deny cidr=192.168.0.0/24/
/list
/network-lists
/configuration
But I'm still allowed to register with the 1000 user and make calls, to the
conference extension, etc... I can't understand this, if it's all to deny
and the cidr is set to 192.168.0.0/24 on the domains context, which is
what hte profile uses, shouldn't the registration/call be denied. I have
tried many conbinations but whenever I change something it wont make any
difference.
Please help me.
Thanks,
Diego
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Ok I just remade the config and now it's working as it should, it's not
letting me register.
2009-04-21 07:06:03 [WARNING] sofia_reg.c:1283
sofia_reg_handle_sip_i_register() IP 192.168.0.100 Rejected by acl domains
However, I have this:
param name=apply-inbound-acl value=domains/
And this:
list name=domains default=deny
!-- node type=allow domain=$${domain}/--
node type=deny cidr=192.168.0.100/32/
node type=deny cidr=192.168.0.0/24/
/list
And I can still call the conference (3030) without being registered. Why is
this?
Thanks.
On Tue, Apr 21, 2009 at 6:43 AM, Diego Viola diego.vi...@gmail.com wrote:
freeswi...@internal acl
false
On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola diego.vi...@gmail.comwrote:
Hey guys,
I'm currently testing FS inside a LAN. FreeSWITCH is running on
192.168.0.101 and my softphone is on 192.168.0.100.
I can register and make calls just fine, but I want to deny everything in
order to learn how the ACL works.
I have this on the internal profile:
param name=apply-nat-acl value=rfc1918/
param name=apply-inbound-acl value=domains/
param name=apply-register-acl value=domains/
And this is how my acl.conf.xml looks, it's all set to deny:
configuration name=acl.conf description=Network Lists
network-lists
list name=dl-candidates default=deny
node type=deny cidr=10.0.0.0/8/
node type=deny cidr=172.16.0.0/12/
node type=deny cidr=192.168.0.0/16/
/list
list name=rfc1918 default=deny
node type=deny cidr=10.0.0.0/8/
node type=deny cidr=172.16.0.0/12/
node type=deny cidr=192.168.0.0/16/
/list
list name=lan default=deny
node type=deny cidr=192.168.42.0/24/
node type=deny cidr=192.168.42.42/32/
/list
list name=strict default=deny
node type=deny cidr=208.102.123.124/32/
/list
!--
This will traverse the directory adding all users
with the cidr= tag to this ACL, when this ACL matches
the users variables and params apply as if they
digest authenticated.
--
list name=domains default=deny
node type=deny domain=$${domain}/
node type=deny cidr=192.168.0.0/24/
/list
/network-lists
/configuration
But I'm still allowed to register with the 1000 user and make calls, to
the conference extension, etc... I can't understand this, if it's all to
deny and the cidr is set to 192.168.0.0/24 on the domains context,
which is what hte profile uses, shouldn't the registration/call be denied. I
have tried many conbinations but whenever I change something it wont make
any difference.
Please help me.
Thanks,
Diego
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Oh it was because I had auth-calls set to true, now I turned it false and it
works as I expect!
Silly me, thanks everyone anyway =D
Diego
On Tue, Apr 21, 2009 at 7:08 AM, Diego Viola diego.vi...@gmail.com wrote:
Ok I just remade the config and now it's working as it should, it's not
letting me register.
2009-04-21 07:06:03 [WARNING] sofia_reg.c:1283
sofia_reg_handle_sip_i_register() IP 192.168.0.100 Rejected by acl domains
However, I have this:
param name=apply-inbound-acl value=domains/
And this:
list name=domains default=deny
!-- node type=allow domain=$${domain}/--
node type=deny cidr=192.168.0.100/32/
node type=deny cidr=192.168.0.0/24/
/list
And I can still call the conference (3030) without being registered. Why is
this?
Thanks.
On Tue, Apr 21, 2009 at 6:43 AM, Diego Viola diego.vi...@gmail.comwrote:
freeswi...@internal acl
false
On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola diego.vi...@gmail.comwrote:
Hey guys,
I'm currently testing FS inside a LAN. FreeSWITCH is running on
192.168.0.101 and my softphone is on 192.168.0.100.
I can register and make calls just fine, but I want to deny everything in
order to learn how the ACL works.
I have this on the internal profile:
param name=apply-nat-acl value=rfc1918/
param name=apply-inbound-acl value=domains/
param name=apply-register-acl value=domains/
And this is how my acl.conf.xml looks, it's all set to deny:
configuration name=acl.conf description=Network Lists
network-lists
list name=dl-candidates default=deny
node type=deny cidr=10.0.0.0/8/
node type=deny cidr=172.16.0.0/12/
node type=deny cidr=192.168.0.0/16/
/list
list name=rfc1918 default=deny
node type=deny cidr=10.0.0.0/8/
node type=deny cidr=172.16.0.0/12/
node type=deny cidr=192.168.0.0/16/
/list
list name=lan default=deny
node type=deny cidr=192.168.42.0/24/
node type=deny cidr=192.168.42.42/32/
/list
list name=strict default=deny
node type=deny cidr=208.102.123.124/32/
/list
!--
This will traverse the directory adding all users
with the cidr= tag to this ACL, when this ACL matches
the users variables and params apply as if they
digest authenticated.
--
list name=domains default=deny
node type=deny domain=$${domain}/
node type=deny cidr=192.168.0.0/24/
/list
/network-lists
/configuration
But I'm still allowed to register with the 1000 user and make calls, to
the conference extension, etc... I can't understand this, if it's all to
deny and the cidr is set to 192.168.0.0/24 on the domains context,
which is what hte profile uses, shouldn't the registration/call be denied. I
have tried many conbinations but whenever I change something it wont make
any difference.
Please help me.
Thanks,
Diego
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
More info:
X-PRE-PROCESS cmd=set data=internal_auth_calls=true/
!-- param name=accept-blind-reg value=true/ --
!-- param name=accept-blind-auth value=true/ --
So any ideas?
On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola diego.vi...@gmail.com wrote:
Hey guys,
I'm currently testing FS inside a LAN. FreeSWITCH is running on
192.168.0.101 and my softphone is on 192.168.0.100.
I can register and make calls just fine, but I want to deny everything in
order to learn how the ACL works.
I have this on the internal profile:
param name=apply-nat-acl value=rfc1918/
param name=apply-inbound-acl value=domains/
param name=apply-register-acl value=domains/
And this is how my acl.conf.xml looks, it's all set to deny:
configuration name=acl.conf description=Network Lists
network-lists
list name=dl-candidates default=deny
node type=deny cidr=10.0.0.0/8/
node type=deny cidr=172.16.0.0/12/
node type=deny cidr=192.168.0.0/16/
/list
list name=rfc1918 default=deny
node type=deny cidr=10.0.0.0/8/
node type=deny cidr=172.16.0.0/12/
node type=deny cidr=192.168.0.0/16/
/list
list name=lan default=deny
node type=deny cidr=192.168.42.0/24/
node type=deny cidr=192.168.42.42/32/
/list
list name=strict default=deny
node type=deny cidr=208.102.123.124/32/
/list
!--
This will traverse the directory adding all users
with the cidr= tag to this ACL, when this ACL matches
the users variables and params apply as if they
digest authenticated.
--
list name=domains default=deny
node type=deny domain=$${domain}/
node type=deny cidr=192.168.0.0/24/
/list
/network-lists
/configuration
But I'm still allowed to register with the 1000 user and make calls, to the
conference extension, etc... I can't understand this, if it's all to deny
and the cidr is set to 192.168.0.0/24 on the domains context, which is
what hte profile uses, shouldn't the registration/call be denied. I have
tried many conbinations but whenever I change something it wont make any
difference.
Please help me.
Thanks,
Diego
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Do you want to allow these IP ranges? /b On Apr 21, 2009, at 6:08 AM, Diego Viola wrote: node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Nope, I just wanted to allow 1 ip, 192.168.0.100. Diego On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.org wrote: Do you want to allow these IP ranges? /b On Apr 21, 2009, at 6:08 AM, Diego Viola wrote: node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
On Tue, Apr 21, 2009 at 1:15 PM, Diego Viola diego.vi...@gmail.com wrote: Nope, I just wanted to allow 1 ip, 192.168.0.100. Then why have a deny for this address? Don't you want something like this? node type=allow cidr=192.168.0.100/32/ -MC Diego On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.org wrote: Do you want to allow these IP ranges? /b On Apr 21, 2009, at 6:08 AM, Diego Viola wrote: node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
I was just trying to deny everything, and I got confused at what the default in the list made, but I got it now. So I have list name=domains default=deny and that alone denies the registration, which is what I want, but I can still make calls. And I have this: param name=apply-inbound-acl value=domains/ Shouldn't the domains which is defaulted to deny block the inbound calls? Thanks, I hope this doesn't make anyone nervous, just trying to learn :) Regards, Diego On Tue, Apr 21, 2009 at 5:34 PM, Michael Collins m...@freeswitch.org wrote: On Tue, Apr 21, 2009 at 1:15 PM, Diego Viola diego.vi...@gmail.comwrote: Nope, I just wanted to allow 1 ip, 192.168.0.100. Then why have a deny for this address? Don't you want something like this? node type=allow cidr=192.168.0.100/32/ -MC Diego On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.org wrote: Do you want to allow these IP ranges? /b On Apr 21, 2009, at 6:08 AM, Diego Viola wrote: node type=deny cidr=192.168.0.100/32/ node type=deny cidr=192.168.0.0/24/ Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
This alone should be able to block inbound calls right?:
internal.xml:
param name=apply-inbound-acl value=domains/
acl.conf.xml:
list name=domains default=deny
node type=allow domain=$${domain}/
/list
vars.xml:
X-PRE-PROCESS cmd=set data=internal_auth_calls=true/
On Tue, Apr 21, 2009 at 8:04 PM, Diego Viola diego.vi...@gmail.com wrote:
I was just trying to deny everything, and I got confused at what the
default in the list made, but I got it now.
So I have list name=domains default=deny and that alone denies
the registration, which is what I want, but I can still make calls.
And I have this: param name=apply-inbound-acl value=domains/
Shouldn't the domains which is defaulted to deny block the inbound
calls?
Thanks, I hope this doesn't make anyone nervous, just trying to learn :)
Regards,
Diego
On Tue, Apr 21, 2009 at 5:34 PM, Michael Collins m...@freeswitch.orgwrote:
On Tue, Apr 21, 2009 at 1:15 PM, Diego Viola diego.vi...@gmail.comwrote:
Nope, I just wanted to allow 1 ip, 192.168.0.100.
Then why have a deny for this address? Don't you want something like this?
node type=allow cidr=192.168.0.100/32/
-MC
Diego
On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.orgwrote:
Do you want to allow these IP ranges?
/b
On Apr 21, 2009, at 6:08 AM, Diego Viola wrote:
node type=deny cidr=192.168.0.100/32/
node type=deny cidr=192.168.0.0/24/
Brian West
br...@freeswitch.org
-- Meet us at ClueCon! http://www.cluecon.com
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:
http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
If I turn internal_auth_calls to false it blocks... but why I can't do it
with internal_auth_calls=true?
On Tue, Apr 21, 2009 at 8:45 PM, Diego Viola diego.vi...@gmail.com wrote:
This alone should be able to block inbound calls right?:
internal.xml:
param name=apply-inbound-acl value=domains/
acl.conf.xml:
list name=domains default=deny
node type=allow domain=$${domain}/
/list
vars.xml:
X-PRE-PROCESS cmd=set data=internal_auth_calls=true/
On Tue, Apr 21, 2009 at 8:04 PM, Diego Viola diego.vi...@gmail.comwrote:
I was just trying to deny everything, and I got confused at what the
default in the list made, but I got it now.
So I have list name=domains default=deny and that alone denies
the registration, which is what I want, but I can still make calls.
And I have this: param name=apply-inbound-acl value=domains/
Shouldn't the domains which is defaulted to deny block the inbound
calls?
Thanks, I hope this doesn't make anyone nervous, just trying to learn :)
Regards,
Diego
On Tue, Apr 21, 2009 at 5:34 PM, Michael Collins m...@freeswitch.orgwrote:
On Tue, Apr 21, 2009 at 1:15 PM, Diego Viola diego.vi...@gmail.comwrote:
Nope, I just wanted to allow 1 ip, 192.168.0.100.
Then why have a deny for this address? Don't you want something like
this?
node type=allow cidr=192.168.0.100/32/
-MC
Diego
On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.orgwrote:
Do you want to allow these IP ranges?
/b
On Apr 21, 2009, at 6:08 AM, Diego Viola wrote:
node type=deny cidr=192.168.0.100/32/
node type=deny cidr=192.168.0.0/24/
Brian West
br...@freeswitch.org
-- Meet us at ClueCon! http://www.cluecon.com
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:
http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:
http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
I'm trying to block inbound calls with internal_auth_calls=true.
On Tue, Apr 21, 2009 at 8:46 PM, Diego Viola diego.vi...@gmail.com wrote:
If I turn internal_auth_calls to false it blocks... but why I can't do it
with internal_auth_calls=true?
On Tue, Apr 21, 2009 at 8:45 PM, Diego Viola diego.vi...@gmail.comwrote:
This alone should be able to block inbound calls right?:
internal.xml:
param name=apply-inbound-acl value=domains/
acl.conf.xml:
list name=domains default=deny
node type=allow domain=$${domain}/
/list
vars.xml:
X-PRE-PROCESS cmd=set data=internal_auth_calls=true/
On Tue, Apr 21, 2009 at 8:04 PM, Diego Viola diego.vi...@gmail.comwrote:
I was just trying to deny everything, and I got confused at what the
default in the list made, but I got it now.
So I have list name=domains default=deny and that alone denies
the registration, which is what I want, but I can still make calls.
And I have this: param name=apply-inbound-acl value=domains/
Shouldn't the domains which is defaulted to deny block the inbound
calls?
Thanks, I hope this doesn't make anyone nervous, just trying to learn :)
Regards,
Diego
On Tue, Apr 21, 2009 at 5:34 PM, Michael Collins m...@freeswitch.orgwrote:
On Tue, Apr 21, 2009 at 1:15 PM, Diego Viola diego.vi...@gmail.comwrote:
Nope, I just wanted to allow 1 ip, 192.168.0.100.
Then why have a deny for this address? Don't you want something like
this?
node type=allow cidr=192.168.0.100/32/
-MC
Diego
On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.orgwrote:
Do you want to allow these IP ranges?
/b
On Apr 21, 2009, at 6:08 AM, Diego Viola wrote:
node type=deny cidr=192.168.0.100/32/
node type=deny cidr=192.168.0.0/24/
Brian West
br...@freeswitch.org
-- Meet us at ClueCon! http://www.cluecon.com
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:
http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:
http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:
http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
I got it, thanks people :D
On Tue, Apr 21, 2009 at 8:57 PM, Diego Viola diego.vi...@gmail.com wrote:
I'm trying to block inbound calls with internal_auth_calls=true.
On Tue, Apr 21, 2009 at 8:46 PM, Diego Viola diego.vi...@gmail.comwrote:
If I turn internal_auth_calls to false it blocks... but why I can't do it
with internal_auth_calls=true?
On Tue, Apr 21, 2009 at 8:45 PM, Diego Viola diego.vi...@gmail.comwrote:
This alone should be able to block inbound calls right?:
internal.xml:
param name=apply-inbound-acl value=domains/
acl.conf.xml:
list name=domains default=deny
node type=allow domain=$${domain}/
/list
vars.xml:
X-PRE-PROCESS cmd=set data=internal_auth_calls=true/
On Tue, Apr 21, 2009 at 8:04 PM, Diego Viola diego.vi...@gmail.comwrote:
I was just trying to deny everything, and I got confused at what the
default in the list made, but I got it now.
So I have list name=domains default=deny and that alone denies
the registration, which is what I want, but I can still make calls.
And I have this: param name=apply-inbound-acl value=domains/
Shouldn't the domains which is defaulted to deny block the inbound
calls?
Thanks, I hope this doesn't make anyone nervous, just trying to learn :)
Regards,
Diego
On Tue, Apr 21, 2009 at 5:34 PM, Michael Collins
m...@freeswitch.orgwrote:
On Tue, Apr 21, 2009 at 1:15 PM, Diego Viola diego.vi...@gmail.comwrote:
Nope, I just wanted to allow 1 ip, 192.168.0.100.
Then why have a deny for this address? Don't you want something like
this?
node type=allow cidr=192.168.0.100/32/
-MC
Diego
On Tue, Apr 21, 2009 at 9:27 AM, Brian West br...@freeswitch.orgwrote:
Do you want to allow these IP ranges?
/b
On Apr 21, 2009, at 6:08 AM, Diego Viola wrote:
node type=deny cidr=192.168.0.100/32/
node type=deny cidr=192.168.0.0/24/
Brian West
br...@freeswitch.org
-- Meet us at ClueCon! http://www.cluecon.com
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:
http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:
http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:
http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
___
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Diego, I highly recommend you seek professional help... You seem to be talking to yourself A LOT! :P just kidding... good you understand it now! /b On Apr 21, 2009, at 8:44 PM, Diego Viola wrote: I got it, thanks people :D Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Thanks Brian. Couldn't have made it without your help. Regards, Diego On Tue, Apr 21, 2009 at 9:55 PM, Brian West br...@freeswitch.org wrote: Diego, I highly recommend you seek professional help... You seem to be talking to yourself A LOT! :P just kidding... good you understand it now! /b On Apr 21, 2009, at 8:44 PM, Diego Viola wrote: I got it, thanks people :D Brian West br...@freeswitch.org -- Meet us at ClueCon! http://www.cluecon.com ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Diego Viola diego.vi...@gmail.com wrote: I got it, thanks people :D Could you now add it to the documentation? ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] ACL not working
Sure. On Tue, Apr 21, 2009 at 10:37 PM, Jason White ja...@jasonjgw.net wrote: Diego Viola diego.vi...@gmail.com wrote: I got it, thanks people :D Could you now add it to the documentation? ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
