Blacklist Module Not Working When Allowlist Module is Enabled

Hello, I am having an issue with these two modules working together. I installed Allowlist and that module is working great. However, ever since I enabled it for an Inbound Route, the Blacklist stopped working for that specific Inbound Route.

To further explain, I have 2 DID’s & 1 Inbound Route configured for each of those DID’s. I have phone numbers setup in the Allowlist Module & Blacklist Module. I turned on the ‘Enable Allowlist Screening’ setting for one of the Inbound Routes and left it off for the other.

If I call the DID that is associated with the Inbound Route that has ‘Enable Allowlist Screening’ turned off, the Blacklist works as expected.

If I call the DID that is associated with the Inbound Route that has ‘Enable Allowlist Screening’ turned on, the Blacklist does not work and the call will go right through to the IVR. If I shut off the Allowlist for this DID as well, the Blacklist works.

Am I missing something here? I tried searching the forums and could not come up with anything. Any help would be appreciated

I’m using the latest version of Freepbx 15 (v15.0.17.67). The Allowlist module is version 15.0.12. The Blacklist Module is version 15.0.2.17. Asterisk version is 16.20.0, in case that information is needed.

I remember testing this when allowlist was new, so I know it was working at one point. Can you share a call trace via pastebin of a call that should be blacklisted and isn’t?
https://wiki.freepbx.org/display/SUP/Providing+Great+Debug#ProvidingGreatDebug-AsteriskLogs-PartII

Sure @lgaetz Since I am a new user, it will not let me post links yet, however, here is the last part of the pastebin URL: xqtWHA1V [freepbx blacklist module - Pastebin.com - mod]

Hopefully, you can get to it like that. If not, let me know and we can figure something else out. I removed the phone numbers from the pastebin log.

[you should be able to post links now - mod]

The call trace shows that you are missing some dialplan lines. At the Asterisk CLI if you do this command and share the result:

dialplan show xxxxx@from-pstn

where x’s are inbound route DID. On my working system, I see lines like these:

                5. Set(alreturnhere=1)                        [extensions_additional.conf:2159]
                6. Gosub(app-allowlist-check,s,1())           [extensions_additional.conf:2160]
                7. Set(returnhere=1)                          [extensions_additional.conf:2161]
                8. Gosub(app-blacklist-check,s,1())           [extensions_additional.conf:2162]
 [did]          9. Set(CDR(did)=${FROM_DID})                  [extensions_additional.conf:2163]
                10. GotoIf(${LEN(${ALDEST})}?${ALDEST})       [extensions_additional.conf:2164]
                11. GotoIf(${LEN(${BLDEST})}?${BLDEST})       [extensions_additional.conf:2165]

The two lines above priorities 10 and 11 are missing from your call trace, and I’m unable to reproduce this on my own system. Noteworthy as well that the intercept line is also missing for allowlist, I don’t think it would block the call either in the scenario you’ve provided.

Maybe it wou

Hmm. Interesting. I see Priorities 8 & 9 after running that command. Here is a pastebin of the Asterisk CLI output: Asterisk CLI - Pastebin.com

Hi @lgaetz I tried to uninstall the Allowlist module and reinstall it and sadly, that did not help. I also went through and double checked my trunk settings, incoming routes, outbound routes to make sure I did not miss anything and to my knowledge, everything looks ok…Anything else I should look for or try?

Looking again at the call trace you provided, I can see now that I misinterpreted what I was seeing. You are not missing any lines. For the call in question, this line

[2022-01-15 12:57:08] VERBOSE[19682][C-00000091] pbx.c: Executing [000@from-pstn:10] GotoIf("PJSIP/fpbx-1-PkoMoq4CBXGh-pjsip-00000427", "18?timeconditions,7,1") in new stack

This line, I now realize, is telling us that you have the caller’s CID in the allowlist, and since it’s allowed the blacklist check is not performed. It’s not expected that you will have the same CID in both the blacklist and allowlist.

That could’ve been possible because at one point I was testing the Allowlist and might have forgotten to remove that number from it while testing the Blacklist. With that said, I just double checked, and the phone number only exists in the Blacklist. I also tried using a different phone number altogether in the Blacklist and I was still able to get through on the DID that has Allowlist screening turned on, but not on the other. Do I need to restart Asterisk or anything after adding/removing numbers from either list? So odd…

Maybe I’m still not fully understaning what the call trace is telling me. What destination do you have set for non-allowlisted calls? Are you blocking them or sending to an IVR?

Under Settings for the Allowlist module, I have the Destination set to an IVR.

So for callers that are NOT in the allowlist, you want them to go to the IVR? Or do you want them to be blocked?

In general, yes. Some context, the reason I am using the Blacklist to begin with is because we started getting calls from someone who was harassing our staff. So, I put their number in the Blacklist and set the destination under Blacklist to just hang up. That is when I discovered this whole issue. From what I understand, the numbers in the Blacklist get processed first before the Allowlist, so I figured this should work. I do not want to block everybody that is not in the Allowlist, just this particular number. Am I misunderstanding or going about this the wrong way?

I hope this makes sense what I was trying to accomplish…

After much misunderstanding and false starts, I think I’m finally zeroing in on the actual issue here. Thank you for the hand holding. This is the call flow as I understand it right now when both modules are enabled on an inbound route …

Inbound Call
    |_  Is caller in allowlist?
    |           |_ Yes? Continue with normal call flow
	|			|_  No? Go to this specific destination here 
	|
    |__ Is caller in black list?      	
                |_ Yes? Go to this other destination there 
				|_  No? Continue with normal call flow

@mitchmitchell I know you’ve put some thought into this, what is your opinion here? If I’ve detailed the call flow correctly from my understanding of the dialplan, then the blacklist will ONLY apply to callers that have previously been added to the allowlist. The checks need to be reversed with blacklist being called first.

If I’m right, then adding the undesirable CID to the allowlist will actually cause it to become blacklisted properly. Can you confirm that @davidi ?

I just added the same phone number to both the Allowlist and Blacklist and just like you suspected, the call terminated immediately when I called that DID. Hmmm. That is interesting indeed. I read in a post by the Allowlist author, that the Blacklist rules should apply first. Here is the post: FreePBX AllowList Caller Module – to block all but a list of allowed callers - FreePBX / Applications / Modules - FreePBX Community Forums

Thank you for taking the time to look into this issue by the way. I appreciate it.

I’ll take a look, blacklist should be applied first, but maybe I have something messed up.

I’ve confirmed the splicing logic is incorrect. I’ll dig into the splicing function and figure out how to fix it.

I have created a pull request to fix this issue.

You can test it from this repository: https://git.freepbx.org/scm/~mitchmitchell/allowlist.git

Its on the release/16.0 branch.

Hi, I’ll try this at work tomorrow and get back to you. Should I uninstall the current version first and then install this one? Or, that should not matter?

I’m sorry, I did not get a chance to try your fix today. Work was hectic. Will shoot for tomorrow.