On Monday 13 January 2014 13:06:56 jay binks wrote:
> So Im looking at a way of implementing IP Network ACL's in kamailio..
>
> block all except specific subnets etc..
>
[multiple cidrs]
>
> is there a benevolent kamailio developer on the list who is able to add
> this simple feature for me ?
I'm using mysql to do this, but a little math makes it work from any source.
usr_preference contains stuff like 0.0.0.0/0 or something stricter, implicit
denies for users without acl records.
route[ACL]
{
if(!avp_db_query("select value from usr_preferences where
username='$au' and attribute='acl' and
inet_aton(substring_index(value,'/',1))&(1 << 32) - 1 & ~((1 << (32 -
substring_index(value,'/',-1))) - 1)=inet_aton('$si')&(1 << 32) - 1 & ~((1 <<
(32 - substring_index(value,'/',-1))) - 1)"))
{
sl_send_reply("403", "Not Allowed by ACL");
exit;
}
return;
}
--
POCOS B.V. - Croy 9c - 5653 LC Eindhoven
Telefoon: 040 293 8661 - Fax: 040 293 8658
http://www.pocos.nl/ - http://www.sipo.nl/
K.v.K. Eindhoven 17097024
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
