Hello Lars, You can apply any acl to any profile. What you should do really depends on what you want to accomplish.
But let's take a simple example. Let's say you want to allow any phone on your internal network (192.168.0.0/24) to connect to your internal profile and make calls without having to provide a password. Then you could simply put these entries in your internal sofia profile. <param name="apply-inbound-acl" value="192.168.0.0/24"/> <param name="apply-register-acl" value="192.168.0.0/24"/> In that case, you do not need to include anything in the directory. The cidr entries in the directory are for providing additional control for each user id and what IPs they are allowed to make calls from. For your external profile, you may not want to have any ACLs at all, as you may not want to limit which IPs can connect to your switch to send you incoming calls. BUT, you need to make sure the dialplan connected to that external profile doesn't allow anyone to dial numbers that are not hosted on your system without proper authentication or controls. And believe me, people WILL try to do that. I've set up my system to email me whenever this happens and I have logged over 100 attempts to dial international numbers just since December 3rd. Hope this helps, Bill Lars Zeb wrote: > Bill, > > Thanks for your ACL Overview. Perhaps you can help me understand more > clearly. > > If you include the "local-network-acl" and "apply-inbound-acl" params in the > sip_profiles and setup the list for "localnet.auto" in acl.conf.xml, does > this mean you do not have to include the cidr attribute for individual > extensions in the directory/default folder? > > Is "apply-inbound-acl" supposed to exist in both internal and external > profiles while "apply-inbound-acl" is only in the internal? > > Thanks, Lars > _______________________________________________ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
