[asterisk-users] permit/deny in sip.conf iax.conf
Karl Fife
karlfife at gmail.com
Wed Mar 24 10:48:02 CDT 2010
>> Steve Edwards wrote:
>>
>>> It may not be as intended, but from a "user" standpoint, it seems
>>> logical and convenient to establish "policy" in [general] and make
>>> exceptions in the entities as needed.
>>
>> Right... for when you have one policy. When you have two policies, each
>> that apply to a dozen or more entries in the config file, then it really
>> doesn't help, it harms. Templates solve that problem completely, because
>> each policy can be its own (named!) template, and they can be combined.
>> Since templates are also very easy to use for the single policy case,
>> they are a better solution to teach people (and they're also easier to
>> implement in the configuration code of the module).
>>
>> In other modules created since chan_sip, we've intentionally avoided
>> this problem, and you'll note that in nearly every other module, the
>> [general] section is exactly that; general settings for the module, and
>> not defaults.
>
> In my NACL work, I implemented a channel-wide NACL for blacklist purposes.

Can you talk more about this? Were your Named ACLs something other than
templates?

What was/were the specific 'pain point/s' you were trying to assuage? For
example, did you need something not currently offered in the existing
frameworks, for example DNS-resolved hostnames for permitting/restricting
registration/connection? Or were you just doing a
clever/elaborate/well-implemented setup of the existing frameworks?

I for one would love to hear your 10,000 foot concepts and any details you'd
be willing to share.

-Karl
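
The template approach described in the quoted reply above, sketched as an added sip.conf fragment that is not part of the original thread: two named permit/deny policies, each combined with a shared settings template. Section names, extensions, secrets and the documentation-range addresses are constructed placeholders.

```ini
; Constructed example; every name and address below is a placeholder.

; Policy 1: entries reachable only from the office LAN.
[acl-office](!)
deny=0.0.0.0/0.0.0.0
permit=192.0.2.0/255.255.255.0

; Policy 2: entries reachable only from the remote-worker range.
[acl-remote](!)
deny=0.0.0.0/0.0.0.0
permit=198.51.100.0/255.255.255.0

; Non-ACL settings shared by every phone, kept separate from the policies.
[phone-defaults](!)
type=friend
host=dynamic
context=internal

; Each entry names the policy it falls under instead of inheriting
; an implicit default from [general].
[1001](phone-defaults,acl-office)
secret=CHANGE_ME_1001

[1002](phone-defaults,acl-office)
secret=CHANGE_ME_1002

[2001](phone-defaults,acl-remote)
secret=CHANGE_ME_2001
```

Because each entry lists its templates explicitly, an audit of which policy applies to which peer is a matter of reading the section headers.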