[asterisk-users] Is this doable?

Mon Feb 6 17:29:55 CST 2012

> Your description sounds almost entirely like the existing call 
> screening, so I'm pretty sure you'll be able to accomplish it.  Start 
> with call screening, and modify that to suit your needs.
It is indeed. This is already implemented in Asterisk I take it then? If 
so, brilliant news!

> I'd encourage you not to give callers much information.  If you tell 
> callers that their number is blacklisted, or that the recipient is not 
> available (and not offer them voicemail), they're likely to call back 
> and provide different or no information.  It'll be more effective to 
> let them leave voicemail and then delete and ignore it.  Just a 
> suggestion.
A good one, thanks for that - will take it on board.

> IP routing alone isn't actually sufficient (typically) to use multiple 
> interfaces.  Under Linux, you have to set up multiple routing tables, 
> track connections, mangle reply packets (mark), and use 'ip rule' to 
> select the proper routing table for the packet.  If you haven't 
> verified that replies go out the right interface, you should look.  If 
> you have, then ignore me. :)
This is already done and works, though from my (admittedly limited) 
understanding of the sip protocol I know that internal IP address 
information is included in the actual packet. I know that I could use 
sip helpers (kernel modules), but just wanted to know whether I should 
rely on Asterisk to do this or whether I should do it via netfilter 
alone (in which case why are all the nat-related options present in 
Asterisk?).

> No... binding to 0.0.0.0 isn't a security risk.  Typically 
> applications bind to a specific address so that a single host can have 
> multiple addresses, and an application or multiple applications can 
> bind to specific addresses to implement virtual hosting.
I disagree. Binding to 0.0.0.0 allows connections to be made from all 
interfaces (provided the routing allows it, of course) - see my previous 
post as I do not wish to repeat myself here. I do not wish to solely 
rely on iptables/netfilter/other means if I can constrain Asterisk to 
the interfaces it is supposed to be using.