FreePBX AllowList Caller Module -- to block all but a list of allowed callers

Hmm, I have MQTT messages coming out of my FreePBX system regularly but nothing going into it – I do have a home occupied flag that is maintained by my HA system that would probably be useful to send to Asterisk.

I’m looking at the AGI scripts Lorne Gaetz posted in the robocalls thread mentioned above. Those might help with looking up contacts in the Contact Manager as well.

Ultimately if you are using contact manager then the actual whitelist is a bit redundant, I’m thinking of adding a switch to treat all contact manager entries as whitelisted. That doesn’t sound too complicated.

Any thoughts on the best place to hook into the outbound dialplan to automatically add called numbers to the whitelist?

Particularly "How do I do X on every outbound call?"

I would start with

exten => s,1,NoOp(Entering user defined context macro-dialout-trunk-predial-hook in extensions_custom.conf)
exten => s,n,DumpChan()
exten => s,n,Set(DB(whitelist/${DIAL_NUMBER:-10}/date)=${EPOCH}) 
exten => s,n,Set(DB(whitelist/${DIAL_NUMBER:-10}/destination)=We_called

; additional lines here 
exten => s,n,MacroExit

which will show all the channel variables you can read (and sometimes re-write ) in your agi script.

1 Like

I found macro-dialout-trunk-predial-hook but it appears to be intended for admins to customize their own systems rather than for FreePBX Modules to overwrite. I’m looking where it is called, but for now I am working on the whitelist from contact manager – I shamelessly copied Lorne Gaetz’s lgaetz-cmcheck.php to do the contact manager lookup – reading up on how to properly package agi scripts with modules.

Well I got whitelisting of users in the contact manager working. I packed the agi script following what I found in the superfecta module, seemed pretty reasonable. I’m not checking on whether the contact manager is installed or not so that’s on the todo list.

But now I’m off to figure out automatically adding outbound callers to the whitelist.

I got auto adding called numbers working at a prototype stage.

Also I tested the bulk import on a file that I pulled of our dialed numbers out from our CDR info and bulk uploaded it to a CNAME site. So that whitelist pretty much anyone we’d want to get a call from now.

I’m going to have to relook at the Contact Manager whitelisting – I think that script should check asterisk phonebook as well, and handle the case where Contact Manager is not installed.

This module splices into the macro-dialout-trunk context which might be useful for you:

I see you’re reusing the returnhere channel var from the blacklist module, it might be wise to change the name to something different in your module.

There appears to be a recentish realization that the name “blacklist” is culturally insensitive, and should be renamed to “BlockList”. That being the case, if there is not already a corresponding preferred name for whitelist, I suggest ‘AllowList’, with the added benefit that they will be listed together alphabetically. I would only just rename the GUI elements without changing the underlying rawname/code.

1 Like

Good point about the ‘sensitive’ wording – that will be some sed scripting time, I’ll change the module name and all the references to the word ‘allow’ – I must have missed the channel var there, I’ll fix that as well.

The name of the module has been changed to allowlist. I’ve also fixed the channel var collision. Anyone who starred or followed the repository will have to do it again.

I also edited the title of this thread as well.

1 Like

How did you compute the number (-4) to use for $spliceposition ?

Ya know someone did this :wink:

Yeah it was just a few lines of sed to completely change over my module to ‘allowlist’. Even all the code behind modules are renamed. The biggest pain was remaking the repository.

Whoof, after an exercise in futility chasing down an errant ‘)’ I finally got the splicing into the dialplan working. I add two lines just above the label “gocall” which I think is the place to put the check to see if an outbound dialed number should be added to the allow list. If anyone has better ideas let me know.

1 Like

Only now just getting a chance to try this. You need to update how the AGI file is referenced. Change the module folder for the agi from agi to agi-bin and then reference the agi filename directly without a path. The module install process (you will need to install the module again) will automatically copy the agi and set appropriate permissions. This will allow it to work with fastagi when enabled.

1 Like

Thats cool – I figured there had to be some way FreePBX would support those AGI scripts and get them to the right directory.

I’ve updated the github repository with the changes for FastAGI

1 Like

Lorne, others – did you have any thoughts on whether it is worth me trying to contribute the module to FreePBX? I’ve got some ideas but other than that and checking for the installation of Contact Manager before trying to use it as an allowlist I’m pretty much done with all my ideas on this one.

SPAM call detection is something I want to look at as a separate issue, perhaps using some of the IVR ideas noted in this thread. I see that as not so much the responsibility of the allowlist module but rather of the destination it sends non-allowlisted callers to.


Email sent. You can contact me via email with my forum username @

I found it, thanks!

What is the best way to check if contact manager has been installed on a FreePBX system? I need to make sure that the checks do not blow up if it is not present.


I am trying to create a way for someone to hook into the [app-allowlist-check] routine so they can override the checks from the module with anything that they can think of – I added a channel variable “callerallowed” which if set to “1” upon entering [app-allowlist-check] would bypass all of the generating checking and let their custom dialplan override.

I though that FreePBX way of adding “#include => xxxx-custom” everywhere was the way this could be done – however since Asterisk checks the current context before looking into included ones this does not work. The custom dialplan isn’t evaluated until after the regular dialplan is.

That seems counter intuitive to anyone used to the way programming languages use include files so I suspect I am misunderstanding the entire xxx-custom approach that FreePBX uses.

What I am trying to do is give administrators a way to add extra custom allowlist checking rules via extensions_custom.conf – I hope there is a way to make that work.

One thing I had thought to try is do something like have the module write out the app-allowlist-check contect this way:

include => app-allowlist-check-custom
include => app-allowlist-internal

auto generated dialplan logic goes here

Can anyone offer any tips or suggestions?


You want a dialplan hook, which currently rely on the deprecated macro application, but you can be the first to create a gosub hook:"Replace%20macro%20gosub"

In your case you don’t need the macro part at all, just use gosubif and check for the existence of the context. Not tested:

exten => s,n,GoSubIf($[${DIALPLAN_EXISTS(app-allowlist-check-predial-hook,s,1)}]?app-allowlist-check-predial-hook,s,1())
1 Like

You could define contact manager as a dependency of allowlist, that is a pretty workable solution as it’s OSS and would be available for all installs. In module.xml something like:


Otherwise, I would expect method_exists or class_exists would do it as well, tho I can’t recall ever seeing an example of that.

1 Like