No Deny or Permit IP on a per extension basis when using CHAN_PJSIP instead of CHAN_SIP

TJ1 · March 13, 2020, 6:41pm

Dear All,

I’ve finally made the move from CHAN_SIP to CHAN_PJSIP only to find that DENY AND PERMIT doesn’t exist for CHAN_PJSIP extensions.

I find this really useful and wanted to see if it is supported.

https://wiki.asterisk.org/wiki/display/AST/Asterisk+16+Configuration_res_pjsip

Looking here, I found that PJSIP supports contact_deny and contact_permit.

In this example: -

github.com

jcollie/asterisk/blob/master/configs/pjsip.conf.sample

; PJSIP Configuration Samples and Quick Reference
;
; This file has several very basic configuration examples, to serve as a quick
; reference to jog your memory when you need to write up a new configuration.
; It is not intended to teach PJSIP configuration or serve as an exhaustive
; reference of options and potential scenarios.
;
; This file has two main sections.
; First, manually written examples to serve as a handy reference.
; Second, a list of all possible PJSIP config options by section. This is
; pulled from the XML config help. It only shows the synopsis for every item.
; If you want to see more detail please check the documentation sources
; mentioned at the top of this file.

; Documentation
;
; The official documentation is at http://wiki.asterisk.org
; You can read the XML configuration help via Asterisk command line with
; "config show help res_pjsip", then you can drill down through the various
; sections and their options.

This file has been truncated. show original

[acl]
type=acl
contact_deny=0.0.0.0/0.0.0.0
contact_permit=209.16.236.0
permit=209.16.236.0/24, !209.16.236.12/32

You can see there are various ways to lockdown an extension using an ACL.

According to the WIKI it looks like this can be done on a per extension basis.

Is this the case?

Why hasn’t this feature been added to FreePBX for use with PJSIP?

How do I do this manually? Anything I add to the Asterisk/ PJSIP config is overwritten each time I apply a configuration change in FreePBX.

Is there a patch to FreePBX which adds this feature?

Many thanks for your help.

cynjut · March 13, 2020, 8:17pm

There’s a “_custom” config file you can add these to that will not be overwritten by FreePBX.

The only problem is that I have no idea how you’d construct the stanza. Something like this would be how you’d do it:

 [acl](+)
 type=acl
 contact_deny=0.0.0.0/0.0.0.0
 contact_permit=209.16.236.0
 permit=209.16.236.0/24, !209.16.236.12/32

The catch is, I don’t know how you’d assign it on a “per extension” basis.

system · April 13, 2020, 8:17pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.