Permissions does seem a good way to go, but really stop and ask yourself WHY you don't want to use a database, as "writing data to a file" is still a form of a database (it's not an RDBMS, but given the usage, it's a database). So, it's under this guise that I ask: What's wrong with SQLite?
Regards, Kaufman ________________________________ From: Sergio Charrua via sr-users <[email protected]> Sent: Thursday, October 23, 2025 12:19 PM To: Kamailio (SER) - Users Mailing List <[email protected]> Cc: Fernando Lopes <[email protected]>; Sergio Charrua <[email protected]> Subject: [SR-Users] Re: Whitelisting and Blacklisting IPs Without Using a Database CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi Fernando! you're almost there! The permissions module has the parameters default_allow_file and default_deny_file where you specify file path for each allow and deny files. In each file you specify: groupid as integer address as string netmask as optional integer port as optional integer . If 0 then any port tag as optional string Ex.: 100 10.200.0.0 24 5060 all_the_range If you set the above line in the allow file, it means that Kamailio will accept SIP messages from any node in the 10.200.0.0/24<https://urldefense.com/v3/__http://10.200.0.0/24__;!!KWzduNI!ZvN5eKoCEh3nDRUITCmQnv3GRm7Ej9APuNV3lK-esp6QP5fK5zvHUvgHKT4ojLmOaMtsc2SHHJ-LbZIcLKpeNA0$> range. If on the deny file, Kamailio will deny same IP range. As for the code, I usually do: #!ifdef WITH_ACL $var(GROUPID) = allow_address_group($si, $sp); if ( $var(GROUPID) == 100 || !$var(GROUPID) ) { xlog("L_WARN", "INIT - $si:$sp is not in the allowed ACL Group ID !\n"); # uncomment below if you wish to return SIP 401 error to non-allowed clients #sl_reply("401", "Address not allowed"); exit; } if (is_method("OPTIONS") && $sht(evapistatus=>state) > 0 ) { // reply to OPTIONS only if Kamailio has an EVAPI connection active sl_send_reply("200","OK"); exit; } #!endif Where group ID 100 is a DENY group. I use DB because it is way more flexible when you have 300 Kamailio nodes..... Also, the permissions module doesn't query DB on every request, in fact it load the DB Permissions Table data into memory and refreshes every "reload_delta" parameter value. Having the data in DB is much easier, IMHO. Hope this helps! Atenciosamente / Kind Regards / Cordialement / Un saludo, Sérgio Charrua www.kahea.ai<https://urldefense.com/v3/__http://www.kahea.ai__;!!KWzduNI!ZvN5eKoCEh3nDRUITCmQnv3GRm7Ej9APuNV3lK-esp6QP5fK5zvHUvgHKT4ojLmOaMtsc2SHHJ-LbZIccGpFlSc$> / www.voip.pt<https://urldefense.com/v3/__http://www.voip.pt__;!!KWzduNI!ZvN5eKoCEh3nDRUITCmQnv3GRm7Ej9APuNV3lK-esp6QP5fK5zvHUvgHKT4ojLmOaMtsc2SHHJ-LbZIcXxHifu0$> OpenTelecom - Consulting for Telecoms, Lda Tel.: +351 <callto:+351+91+104+12+66> 91 631 11 44 Email : [email protected]<mailto:[email protected]> This message and any files or documents attached are strictly confidential or otherwise legally protected. It is intended only for the individual or entity named. If you are not the named addressee or have received this email in error, please inform the sender immediately, delete it from your system and do not copy or disclose it or its contents or use it for any purpose. Please also note that transmission cannot be guaranteed to be secure or error-free. On Thu, Oct 23, 2025 at 6:59 PM Fernando Lopes via sr-users <[email protected]<mailto:[email protected]>> wrote: Hello everyone, I have a question: is there a way to whitelist and blacklist IP addresses without using a database table? I’m currently using the permissions module to block some traffic, but I’d also like to ban specific IPs. Ideally, I’d prefer not to use a database — I’d rather use a file-based approach, something like a permissions.allow file. Thank you. __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Important: keep the mailing list in the recipients, do not reply only to the sender!
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions -- [email protected] To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender!
