Hi, The last matching rule is the one used. If no rule matches, then the connection is permitted.
Example: deny=0.0.0.0/0.0.0.0 permit=1.2.3.4/32 Deny every address except for the only one allowed. Basically the rules are processed from the first to the last. On Sat, Oct 9, 2021 at 3:26 PM Bugaian A. Vitalie <[email protected]> wrote: > > Hi, > > I think its the order you apply the ACL, first permit some, then deny any? > > Vitalie. > > On Sat, Oct 9, 2021 at 1:58 PM Mihai Cezar <[email protected]> wrote: >> >> Hello, >> >> I have an issue with filtering on the asterisk side, my requests are: >> UsersPhones(bria) -> Kamailio -> Asterisk -> Sip Trunk Out. >> >> The goal is to manage a new layer of protection ( IP filtering / >> Whitelisting ). >> When I try to compile a list of Whitelisted IP in sip.conf I get this error: >> >> NOTICE[205]: acl.c:748 ast_apply_acl: SIP contact ACL: Rejecting >> '145.72.23.45' due to a failure to pass ACL '(BASELINE)' >> WARNING[205]: chan_sip.c:17061 parse_register_contact: Domain >> '5.12.16.2:48669' disallowed by contact ACL (violating IP >> 145.72.23.45) >> WARNING[205]: chan_sip.c:17933 register_verify: Registration denied >> because of contact ACL >> >> The IP 145.72.23.45, is the proxy kamailio and if I added it to >> sip.conf it works, but so does every ip afterwards. >> >> I tried with contactpermit also with permit, the result is the same as >> long as I permit the proxy ip it works. Is there something that I can >> do on the asterisk side to activate this filtering Or there is >> something that I can do in Kamailio so it will forward the realip ? >> >> contactdeny=0.0.0.0/0.0.0.0 >> contactpermit=145.72.23.45/32 >> contactpermit=5.12.16.2/32 >> >> >> Thanks in advance, >> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions >> * [email protected] >> Important: keep the mailing list in the recipients, do not reply only to the >> sender! >> Edit mailing list options or unsubscribe: >> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > * [email protected] > Important: keep the mailing list in the recipients, do not reply only to the > sender! > Edit mailing list options or unsubscribe: > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
