On Wed, 17 Sep 2008, Jared Smith wrote: > On Wed, 2008-09-17 at 19:58 +0200, Remco Barendse wrote: >> Why doesn't Asterisk allow both username&pass as well as setting an ip >> adress on a sip.extension? > > It does. To enforce ACLs on a SIP user or peer or friend, simply use > "permit" and "deny" statements to allow and disallow various IP > addresses or subnets. Standard practice seems to be to deny everything > first, then specifically allow other IP addresses. > > [user] > type=friend > secret=mypassword > host=dynamic > deny=0.0.0.0/0 > permit=10.1.2.3 > permit=192.168.123.0/24 > permit=192.168.222.0/255.255.255.0
Cool, this is exactly what i was looking for, i couldn't find a reference to it anywhere else. Suprising that this feature isn't used much, i would suspect that many asterisk installations (including mine) have very simple (short) extension numbers which makes brute forcing them rather easy. I was never concerned about short extension numbers and easy passwords until the need came up to connect to my * box from outside. Thanks again! _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
