Hi Ionel, I agree with James, you should not be editing the adaptive ban script, there are several problems that will cause.
Maybe as a group we can simplify James's solution so it can be more generically included into an existing dialplan. Note James's code only works for Asterisk 1.4, so we need both 1.4/1.8 with one commented out. We can add the final community tested version to the WiKi. Off the top of my head, a *untested* macro could look like... Note: By using the "Dialplan Noted Suspicious IP Address" Log() the normal Adaptive ban count will be required for an actual IP ban. So a couple mis-dials won't create a ban. [macro-ban-caller] exten => s,1,Ringing exten => s,n,Wait(1.1) exten => s,n,Answer ; ; Comment / Uncomment for your Asterisk version ; For Asterisk 1.4 ;exten => s,n,Set(BANIP=${SIPCHANINFO(recvip)}) ;exten => s,n,Log(NOTICE,\'${BANIP}\' - Dialplan Noted Suspicious IP Address) ; ; For Asterisk 1.6/1.8 exten => s,n,Set(BANIP=${CHANNEL(recvip)}) exten => s,n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address) ; ; Optional - Uncomment to record Suspicious IP Address ;exten => s,n,System(echo ${BANIP} >> /mnt/kd/suspicious-ip-list) ; exten => s,n,Playback(silence/1) exten => s,n,Zapateller ; send "Special Information Tone" (SIT) exten => s,n,Playback(silence/1) exten => s,n,Zapateller ; send "Special Information Tone" (SIT) exten => s,n,Wait(0.5) exten => s,n,Playback(ss-noservice) exten => s,n,Wait(1) exten => s,n,Hangup Then call as a catch-all for an invalid incoming extension via the default context in sip.conf: exten => _X.,1,Macro(macro-ban-caller) or maybe exten => i,1,Macro(macro-ban-caller) Join the Fun! :-) Lonnie PS: When banning IP's from the dialplan, I'd strongly suggest using the following syntax rather than calling "iptables" from the dialplan. -- ; For Asterisk 1.4 exten => s,n,Set(BANIP=${SIPCHANINFO(recvip)}) exten => s,n,Log(NOTICE,\'${BANIP}\' - Dialplan Noted Suspicious IP Address) ; For Asterisk 1.6/1.8 exten => s,n,Set(BANIP=${CHANNEL(recvip)}) exten => s,n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address) -- We added "Dialplan Noted Suspicious IP Address" support to the Adaptive Ban plugin over a year ago. Make sure you test it. For Reference: James's dialplan code: -- ; Don't accept any calls not identified above exten => _X.,1,Gosub(store-cid,s,1) exten => _X.,n,Set(CDR(userfield)=${EXTEN}) exten => _X.,n,Notify(${CALLERID(num)}|${CALLERID(name)}|${EXTEN}0/172.20.0.100) exten => _X.,n,Wait(1) exten => _X.,n,Answer() exten => _X.,n,Set(BANIP=${SIPCHANINFO(recvip)}) exten => _X.,n,NoOp(IP is ${BANIP}) exten => _X.,n,System(echo ${BANIP} >> /mnt/kd/banlist) exten => _X.,n,System(iptables -A ADAPTIVE_BAN_CHAIN -p udp -s ${BANIP} -j ADAPTIVE_BAN_DROP_CHAIN) exten => _X.,n,Zapateller() exten => _X.,n,Playback(the-number-u-dialed) exten => _X.,n,SayDigits(${EXTEN}) exten => _X.,n,Playback(has-been-disconnected&or&no-longer-in-service) exten => _X.,n,Playback(check-number-dial-again) exten => _X.,n,Congestion(5) exten => _X.,n,Hangup() -- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.