New Distro Install -- how to setup basic extensions and restrict some?

Hey guys.
I have a Distro install using Asterisk 12 and FreePBX 12. I don’t need to hook this up to any “real numbers” (DIDs) – I just need to setup some extensions for making test extension calls.
…and I have done just that. I have several extensions. Like extension 300, 301, 302, etc., and they can all register and call eachother. great!
However, there is some additional setup I am having problems with. Right now I have several other groups of extensions like 400,401,402,etc. and even 500,501,502. What I want to do is only allow extensions in 300-range to call eachother, but not any of the 400-something or 500-something extensions. And similarly for 400-range extensions, and 500-range, and so on. Basically, I want these groups of extensions to be “isolated” from the rest of all the extensions. Nobody comes in – nobody goes out!
I have tried with no success tinkering with Outbound Routes and Trunks. (The context of all my extensions are “from-internal” so I believe this means they don’t use Outbound routes… i’m not really sure). I also have the commercial module called “Extension Routing” from SchmoozeCom, which is the successor of sorts to the 3rd party unsupported “custom contexts” module. However, I still haven’t had much luck. FWIW, I used to be able to use Custom Contexts to achieve what I’m describing, but I decided it was time to try things another way, since it is unsupported.

One other “bonus” issue to tackle: Actually, there are some extensions that are “admin-level” that don’t have to be restricted. So basically, let’s say I have “admin extensions” of 100,101, and 102. Well those extensions can freely call any other extension. (but they do not accept calls from non-admin extensions like 300-500 - range extensions)

With Class of Service and Extension Routes you can sorta do what you want. Blocking calls between extensions, however, causes no end of problems. Just don’t tell the users about the other range, or, block them from dialing it when you provison their phones?

Or don’t try to implement a muli-tennent system using Asterisk/FreePBX.

HeHe, or try to do that and eventually fail miserably, like many of us have in the past, well, me for one :slight_smile: . Look at Kamailio or any SIP proxy before multiple instances of FreePBX, all are easily Virtualized.

Thanks to yall for the responses. Yeah, blocking extensions may not be what FreePBX is “made for” per se, but I think this is possible… Rob do you care to elaborate with your idea? I really am a PBX rookie, but if you give me some basic instructions I should be able to follow.
To be clear, I was able to previously setup what I needed on a FreePBX 2.10 / Asterisk 1.8 system with the “Custom Contexts v2.10.0.1” module.
My steps:
IIRC, all I did was add a context called maybe “300Context” with “Dial Rules” having a value of “3XX” . And the only setting I had to change was to make the “ext-local” Internal Dialplan have “Allow Rules”. (everything else stayed at “Deny”) Then in my 300-something extensions I change all the contexts from “ALLOW ALL (Default)” (i.e. “from-internal”) to my new context (300Context).
…honestly, maybe I should just use Custom Contexts module again if I can… IDK if it works with FreePBX 12 though…

Class of Service lets you limit a range of extensions to only use certain routes, ring groups, feature codes, etc. Pretty much what you’re trying to achieve, EXCEPT for the ability to limit calls between extensions (however – no promises – that may be part of a future release of CoS).

It lets you have routes that are only used for group A, and ring groups that only group B and C can use (for example).

If you install the commercial module, it’ll link you to a video demonstration on how it works (before it’s licenced) and you can buy it online if you want.

Thanks a lot Rob. CoS seems like something that would work, if it did in fact also have functionality for extensions, as you say. It would be nice to test it out I suppose, but I wouldn’t want to pay money for it and then find it doesn’t do what I want. Perhaps I will contact Schmooze Com about getting a trial.

COS does not restrict which extensions can call which extensions. It does everything else. Mainly cause the way FreePBX works and dialparties AGI in FreePBX just can not handle this. Even Custom Contexts has lots of issues with it and leaks all over.

Hey Tony, thanks a lot for the input.
Ah, well that’s a bit of a disappointment, but good to know.
Well I’m not going to even try to pretend that I am able to identify in what ways Custom Contexts module has leaks. All I know is that, for our basic purposes, it worked. And all I needed it for was for that one “feature”.
We need this capability so that we can assign users (customers) “isolated” ranges of extensions so that they can make basic SIP registrations and calls without having the possibility of being called by some unknown 3rd party. (For some customers this was more of a concern than for others). Obviously, this is just the ideal, but if we have to settle for less than the ideal, we might.
I am willing to accept that what we are trying to do is simply not (easily) possible, and that I should relinquish pursuit of this “local extension dialplan restriction” or whatever the right phrase would be. But if anyone has any possible workarounds, I am all ears. To be clear, running local VMs is not an option – this is a live server on Amazon EC2. Security is hardly a concern being that there are no real phone numbers attached. All that a potential hacker could do is run up our data transfer bill… which would be fairly hard to do, I believe, considering the transfer rate is something on the order of pennies / GB of data transfer.