[asterisk-bugs] [JIRA] (ASTERISK-24874) Asterisk 11/13 Named ACLs don't work as expected

Michael Keuter (JIRA) noreply at issues.asterisk.org
Fri Mar 13 10:46:34 CDT 2015


     [ https://issues.asterisk.org/jira/browse/ASTERISK-24874?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Keuter updated ASTERISK-24874:
--------------------------------------

    Description: 
When I use this ACL configuration:

acl.conf:

[lan_acl]
deny=0.0.0.0/0.0.0.0
permit=192.168.0.0/255.255.255.0

[vpn_acl]
deny=0.0.0.0/0.0.0.0
permit=192.168.0.0/255.255.255.0
permit=10.8.0.0/255.255.255.0


sip.conf:

[phones](!)
;deny=0.0.0.0/0.0.0.0
;permit=192.168.0.0/255.255.255.0
acl=lan_acl


I get these error messages:

Mar 13 13:46:51 localhost local0.err asterisk[1722]: ERROR[1761]: acl.c:541 in ast_append_acl: Named ACL 'lan_acl' is already included in the ast_acl container.
Mar 13 13:46:51 localhost local0.err asterisk[1722]: ERROR[1761]: chan_sip.c:30923 in build_peer: Bad ACL entry in configuration line 761 : lan_acl

It gets worse when I try to include one named ACL into another as mentioned in the examples, in this case acl.conf is not loaded at all:

[vpn_acl]
acl=lan_acl
permit=10.8.0.0/255.255.255.0

I get these errors:

Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: config_options.c:589 in aco_process_var: Could not find option suitable for category 'vpn_acl' named 'acl' at line 87 of
Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: config_options.c:402 in process_category: In acl.conf: Processing options for vpn_acl failed
Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: named_acl.c:328 in ast_named_acl_find: Attempted to find named ACL 'vpn_acl', but the ACL configuration isn't available.
Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: acl.c:541 in ast_append_acl: Named ACL 'vpn_acl' is already included in the ast_acl container.
Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: chan_sip.c:30923 in build_peer: Bad ACL entry in configuration line 15 : vpn_acl


  was:
When I use this ACL configuration:

{{monospaced}}
acl.conf:

[lan_acl]
deny=0.0.0.0/0.0.0.0
permit=192.168.0.0/255.255.255.0

[vpn_acl]
deny=0.0.0.0/0.0.0.0
permit=192.168.0.0/255.255.255.0
permit=10.8.0.0/255.255.255.0


sip.conf:

[phones](!)
;deny=0.0.0.0/0.0.0.0
;permit=192.168.0.0/255.255.255.0
acl=lan_acl
{{monospaced}}

I get these error messages:

Mar 13 13:46:51 localhost local0.err asterisk[1722]: ERROR[1761]: acl.c:541 in ast_append_acl: Named ACL 'lan_acl' is already included in the ast_acl container.
Mar 13 13:46:51 localhost local0.err asterisk[1722]: ERROR[1761]: chan_sip.c:30923 in build_peer: Bad ACL entry in configuration line 761 : lan_acl

It gets worse when I try to include one named ACL into another as mentioned in the examples, in this case acl.conf is not loaded at all:

[vpn_acl]
acl=lan_acl
permit=10.8.0.0/255.255.255.0

I get these errors:

Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: config_options.c:589 in aco_process_var: Could not find option suitable for category 'vpn_acl' named 'acl' at line 87 of
Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: config_options.c:402 in process_category: In acl.conf: Processing options for vpn_acl failed
Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: named_acl.c:328 in ast_named_acl_find: Attempted to find named ACL 'vpn_acl', but the ACL configuration isn't available.
Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: acl.c:541 in ast_append_acl: Named ACL 'vpn_acl' is already included in the ast_acl container.
Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: chan_sip.c:30923 in build_peer: Bad ACL entry in configuration line 15 : vpn_acl



> Asterisk 11/13 Named ACLs don't work as expected
> ------------------------------------------------
>
>                 Key: ASTERISK-24874
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24874
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>    Affects Versions: 11.16.0, 13.2.0
>         Environment: AstLinux 1.2.2, Linux 3.2
>            Reporter: Michael Keuter
>
> When I use this ACL configuration:
> acl.conf:
> [lan_acl]
> deny=0.0.0.0/0.0.0.0
> permit=192.168.0.0/255.255.255.0
> [vpn_acl]
> deny=0.0.0.0/0.0.0.0
> permit=192.168.0.0/255.255.255.0
> permit=10.8.0.0/255.255.255.0
> sip.conf:
> [phones](!)
> ;deny=0.0.0.0/0.0.0.0
> ;permit=192.168.0.0/255.255.255.0
> acl=lan_acl
> I get these error messages:
> Mar 13 13:46:51 localhost local0.err asterisk[1722]: ERROR[1761]: acl.c:541 in ast_append_acl: Named ACL 'lan_acl' is already included in the ast_acl container.
> Mar 13 13:46:51 localhost local0.err asterisk[1722]: ERROR[1761]: chan_sip.c:30923 in build_peer: Bad ACL entry in configuration line 761 : lan_acl
> It gets worse when I try to include one named ACL into another as mentioned in the examples, in this case acl.conf is not loaded at all:
> [vpn_acl]
> acl=lan_acl
> permit=10.8.0.0/255.255.255.0
> I get these errors:
> Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: config_options.c:589 in aco_process_var: Could not find option suitable for category 'vpn_acl' named 'acl' at line 87 of
> Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: config_options.c:402 in process_category: In acl.conf: Processing options for vpn_acl failed
> Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: named_acl.c:328 in ast_named_acl_find: Attempted to find named ACL 'vpn_acl', but the ACL configuration isn't available.
> Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: acl.c:541 in ast_append_acl: Named ACL 'vpn_acl' is already included in the ast_acl container.
> Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: chan_sip.c:30923 in build_peer: Bad ACL entry in configuration line 15 : vpn_acl



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list