Hello, this is really an Asterisk question. Here in Kamailio we'd recommend you do that filtering at the proxy level, using the "permissions" module.
Regards, David Villasmil email: [email protected] phone: +34669448337 On Sun, Oct 10, 2021 at 6:52 PM Mihai Cezar <[email protected]> wrote: > Hi, > > The last matching rule is the one used. If no rule matches, then the > connection is permitted. > > Example: > deny=0.0.0.0/0.0.0.0 > permit=1.2.3.4/32 > Deny every address except for the only one allowed. > > Basically the rules are processed from the first to the last. > > On Sat, Oct 9, 2021 at 3:26 PM Bugaian A. Vitalie <[email protected]> > wrote: > > > > Hi, > > > > I think its the order you apply the ACL, first permit some, then deny > any? > > > > Vitalie. > > > > On Sat, Oct 9, 2021 at 1:58 PM Mihai Cezar <[email protected]> wrote: > >> > >> Hello, > >> > >> I have an issue with filtering on the asterisk side, my requests are: > >> UsersPhones(bria) -> Kamailio -> Asterisk -> Sip Trunk Out. > >> > >> The goal is to manage a new layer of protection ( IP filtering / > Whitelisting ). > >> When I try to compile a list of Whitelisted IP in sip.conf I get this > error: > >> > >> NOTICE[205]: acl.c:748 ast_apply_acl: SIP contact ACL: Rejecting > >> '145.72.23.45' due to a failure to pass ACL '(BASELINE)' > >> WARNING[205]: chan_sip.c:17061 parse_register_contact: Domain > >> '5.12.16.2:48669' disallowed by contact ACL (violating IP > >> 145.72.23.45) > >> WARNING[205]: chan_sip.c:17933 register_verify: Registration denied > >> because of contact ACL > >> > >> The IP 145.72.23.45, is the proxy kamailio and if I added it to > >> sip.conf it works, but so does every ip afterwards. > >> > >> I tried with contactpermit also with permit, the result is the same as > >> long as I permit the proxy ip it works. Is there something that I can > >> do on the asterisk side to activate this filtering Or there is > >> something that I can do in Kamailio so it will forward the realip ? > >> > >> contactdeny=0.0.0.0/0.0.0.0 > >> contactpermit=145.72.23.45/32 > >> contactpermit=5.12.16.2/32 > >> > >> > >> Thanks in advance, > >> > >> __________________________________________________________ > >> Kamailio - Users Mailing List - Non Commercial Discussions > >> * [email protected] > >> Important: keep the mailing list in the recipients, do not reply only > to the sender! > >> Edit mailing list options or unsubscribe: > >> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > __________________________________________________________ > > Kamailio - Users Mailing List - Non Commercial Discussions > > * [email protected] > > Important: keep the mailing list in the recipients, do not reply only to > the sender! > > Edit mailing list options or unsubscribe: > > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > * [email protected] > Important: keep the mailing list in the recipients, do not reply only to > the sender! > Edit mailing list options or unsubscribe: > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
