[asterisk-users] Allowing peers from specific subnet only
Joshua Colp
jcolp at digium.com
Mon Nov 19 06:24:31 CST 2012
bilal ghayyad wrote:
> Hi;
Hola,
> How I can make my configuration to allow the sip phones only from specific IP addresses range (for example from 192.168.10.1 - 192.168.10.50) to be allowed to connect for asterisk?
>
> In other words, in addition to be authenticated based on the username and password, it is required that the IP address of the Phone to be from this range. How?
This can be accomplished using ACLs. They are configured using the deny
and permit settings within sip.conf.
Example:
deny=0.0.0.0/0.0.0.0
permit=172.16.10.0/255.255.255.0
This permits only devices from the 172.16.10.1-172.16.10.255 range.
For cases where you may want to configure this in one place and share it
around Asterisk 11 has introduced what are called "Named ACLs".
You can find further information on those at
https://wiki.asterisk.org/wiki/display/AST/Named+ACLs
Cheers,
--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: www.digium.com & www.asterisk.org
More information about the asterisk-users
mailing list