[Asterisk-Users] hook into authentication

Tzafrir Cohen tzafrir at cohens.org.il
Sun May 28 23:11:00 MST 2006


On Sun, May 28, 2006 at 11:41:00PM -0400, Steve Totaro wrote:
> Henry J. Cobb wrote:
> >>to increase the security for remote extensions I would like to limit a
> >>sip-peer to a specific MAC address. Is it possible to "hook into" the
> >>authentication mechanism in asterisk and allow/deny incoming
> >>registrations?
> >>    
> >
> >This would be only mildly useful on the same subnet and completely useless
> >over the internet.
> >
> >-HJC
> >
> >  
> I think it would work just fine over the internet using a bridged VPN.

Anyway, Asterisk does not get this information. This is something you
have to set up at the firewall level (e.g.: iptables/netfilter on
Linux).

At most the firewall can "color" the packets of some SIP connections to
allow another component to filter by that (e.j: iptables -j MARK)

Not to mention the well-known fact that mac addresses can also be faked.

-- Tzafrir



More information about the asterisk-users mailing list