On Sun, May 28, 2006 at 11:41:00PM -0400, Steve Totaro wrote: > Henry J. Cobb wrote: > >>to increase the security for remote extensions I would like to limit a > >>sip-peer to a specific MAC address. Is it possible to "hook into" the > >>authentication mechanism in asterisk and allow/deny incoming > >>registrations? > >> > > > >This would be only mildly useful on the same subnet and completely useless > >over the internet. > > > >-HJC > > > > > I think it would work just fine over the internet using a bridged VPN.
Anyway, Asterisk does not get this information. This is something you have to set up at the firewall level (e.g.: iptables/netfilter on Linux). At most the firewall can "color" the packets of some SIP connections to allow another component to filter by that (e.j: iptables -j MARK) Not to mention the well-known fact that mac addresses can also be faked. -- Tzafrir _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
