More info: <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/> <!-- <param name="accept-blind-reg" value="true"/> --> <!-- <param name="accept-blind-auth" value="true"/> -->
So any ideas? On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola <diego.vi...@gmail.com> wrote: > Hey guys, > > I'm currently testing FS inside a LAN. FreeSWITCH is running on > 192.168.0.101 and my softphone is on 192.168.0.100. > > I can register and make calls just fine, but I want to deny everything in > order to learn how the ACL works. > > I have this on the internal profile: > > <param name="apply-nat-acl" value="rfc1918"/> > <param name="apply-inbound-acl" value="domains"/> > <param name="apply-register-acl" value="domains"/> > > And this is how my acl.conf.xml looks, it's all set to deny: > > <configuration name="acl.conf" description="Network Lists"> > <network-lists> > > <list name="dl-candidates" default="deny"> > <node type="deny" cidr="10.0.0.0/8"/> > <node type="deny" cidr="172.16.0.0/12"/> > <node type="deny" cidr="192.168.0.0/16"/> > </list> > > <list name="rfc1918" default="deny"> > <node type="deny" cidr="10.0.0.0/8"/> > <node type="deny" cidr="172.16.0.0/12"/> > <node type="deny" cidr="192.168.0.0/16"/> > </list> > > <list name="lan" default="deny"> > <node type="deny" cidr="192.168.42.0/24"/> > <node type="deny" cidr="192.168.42.42/32"/> > </list> > > <list name="strict" default="deny"> > <node type="deny" cidr="208.102.123.124/32"/> > </list> > <!-- > This will traverse the directory adding all users > with the cidr= tag to this ACL, when this ACL matches > the users variables and params apply as if they > digest authenticated. > --> > <list name="domains" default="deny"> > <node type="deny" domain="$${domain}"/> > <node type="deny" cidr="192.168.0.0/24"/> > </list> > > </network-lists> > </configuration> > > But I'm still allowed to register with the 1000 user and make calls, to the > conference extension, etc... I can't understand this, if it's all to deny > and the cidr is set to 192.168.0.0/24 on the "domains" context, which is > what hte profile uses, shouldn't the registration/call be denied. I have > tried many conbinations but whenever I change something it wont make any > difference. > > Please help me. > > Thanks, > > Diego >
_______________________________________________ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org