Multi-Tenant Extension Firewall w/CustomContextx?

I’ve looked for documentation on this because it seems like it should be a very common request, yet just about everything I see on CustomContexts is related to outbound routes.

Imagine I have extensions 100-110 and I name those CustomContext “GroupA” and I name 200-210 as “GroupB”. Can anyone tell me how I’d eliminate GroupA and GroupB from dialing each other?

Thank you in advance,
RKM

Forget Custom Contexts for this, it will just confuse you.

Create two new contexts in /etc/asterisk/extensions_custom.conf (just add these to the bottom of the file):

[from-group-a]
exten => _2XX,1,Goto(app-blackhole,congestion,1)
exten => _[*0-9]!,1,Goto(from-internal,${EXTEN},1)
exten => h,1,Hangup()

[from-group-b]
exten => _1XX,1,Goto(app-blackhole,congestion,1)
exten => _[*0-9]!,1,Goto(from-internal,${EXTEN},1)
exten => h,1,Hangup()

After you do that:

Go to the extension configuration page for each extension in Group A and change the context from from-internal to from-group-a.

Go to the extension configuration page for each extension in Group B and change the context from from-internal to from-group-b.

The way this works is if someone in Group A attempts to call an extension in the 200-299 range, OR if someone in Group B attempts to call an extension in the 100-199 range, the call is diverted to “congestion” (a fast busy signal). Otherwise, the call goes to the from-internal context and is processed in the normal way.

No nice way to do this from a GUI page, unfortunately. But, this is pretty simple, I think.

Or better yet (inspired by a comment by a reader of my blog, where I posted an article about this that goes into a bit more detail about this method and some of the pitfalls, so you may want to read it):

[from-restricted-exts] exten => _2XX/_1XX,1,Goto(app-blackhole,congestion,1) exten => _1XX/_2XX,1,Goto(app-blackhole,congestion,1) exten => _[*0-9]!,1,Goto(from-internal,${EXTEN},1) exten => h,1,Hangup()

Then you would change the context for all “restricted” extensions from [B]from-internal[/B] to [B]from-restricted-exts[/B] — this should have the exact same effect as the contexts in my previous posts (but now you only have one added context, not two).