hello, I need help with ACL configuration of extensions
I want to accept remote extension register only for certain extensions
I have tried to fill Match (Permit) seсtion of extension but it didn’t affect anything
I have tried to manually add in pjsip.identify_custom.conf deny=0.0.0.0/0.0.0.0
permit=184.108.40.206/32 but the same
how can I realise that ?
Current Asterisk Version: 16.30.0
Current PBX Version: 220.127.116.11
Current System Version: 12.7.8-2306-1.sng7
The Permit part of Match (Permit) is misleading. You are actually matching extensions by user name, and that is ORed with any IP address match; FreePBX PJSIP extensions never need Match (Permit).
As far as I know, the GUI doesn’t support specifying ACLs, so you would need to use custom configuration. Note that ACLs are not endpoint specific, so will give little benefit over the firewall:
Note that there are known vulnerabilities in 16.30.0 and security fixes for Asterisk 16 will cease entirely some time in October.
I saw “EXAMPLE ACL CONFIGURATION” but I cant understand how to apply this,
for example in wich _custom.conf file and section need to add deny=18.104.22.168 to restrict register even log/pass are correct ?
As I read ti the section name doesn’t matter, and it can probably go in any custom file for pjsp.conf.
Note that it will apply to INVITE as well as REGISTER, which is probably what you want, as there is no requirement for an extension to REGISTER before it originates a call.
I can’t imagine many people use this. They are more likely to block using the firewall than ACL.
firewall doesn’t allow restrict access based on externsions, ACL does
I have tried add ACL to identifi section but doesnt working
same with adding acl=myacl (myacl defined in acl.conf, acl show displays the list)
what am I doing wrong ?
The example clearly shows that it goes in a type=acl section and its effect is global. Your original example was a single deny, which might be meaningful. A single allow is unlikely to be useful.
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.