[asterisk-users] Create dialplan restrictions based on the IP Address of the SIP Client?

Motiejus Jakštys desired.mta at gmail.com
Fri Jun 4 04:28:39 CDT 2010


On Fri, Jun 4, 2010 at 11:52 AM, Raimund Sacherer <rs at runsolutions.com> wrote:
> Hello,
>
> We have a scenario in which there are 2 sites, one in europe and one in mexico, they are connected via an IAX channel, problem is that the location in mexico has only a dynamic IP connection to the Internet.
>
> Because of the dynamic IP I can not create IP-Tables rules to only allow this connection from the outside. But I need to restrict > calls because there was a break-in which called out.
What is the problem with iptables and dynamic IP? What exactly are you
trying to achieve? How would you on a static IP?

>
> So, is it possible to restrict sip-accounts, which connect through an outside IP, to only be able to call to extensions and are not  allowed to dial out?

Just pass the nescesarry context to your "outside" peers:

sip.conf:
[InsideCustomers]
context=DialOutWhereever ; you can dial out from this context
deny=0.0.0.0/0.0.0.0
allow=192.168.0.0/255.255.0.0

[OutsideCustomers]
context=ThisContextDoesNotExist
deny=0.0.0.0/0.0.0.0
allow=0.0.0.0/0.0.0.0

And your "outside" SIP peers will be jailed.

> Are there other possible solutions I am not aware of?
>
> best regards
> Ray



More information about the asterisk-users mailing list