[SR-Users] Permissions module question

Daniel-Constantin Mierla miconda at gmail.com
Mon Dec 5 20:48:52 CET 2011


Hello,

for pure IP based auth, it is better to use 'address' table from 
permission module instead of trusted table.

You have to add the trusted IP addresses in address table with grp=1 and 
in the config file have a condition like:

if(allow_source_address()) {
    # source IP is in address table
    ...
}

Cheers,
Daniel

On 12/5/11 4:47 AM, pablo umanzor wrote:
> hi, recently i've implemented the module antiflood into kamailio
> (3.1.5 from GIT) ,the module works and i can see the ip banned with
>
> kamctl fifo sht_dump ipban
>
> now, when i try to allocate a trusted ip address with permissions module
>
> #!ifdef WITH_IPAUTH
> modparam("permissions", "db_url", DBURL)
> modparam("permissions", "db_mode", 1)
> modparam("permissions", "trusted_table", "trusted")
> #!endif
> --------------
>
>   if(src_ip!=TRUSTEDIP)
>
> then i make a sipsak flood test from ip address 1.2.3.4 , but the ip
> address entered before into trusted table  (1.2.3.4 ) again is banned
> with antiflood module
>
> syslog file
>
> : INFO: auth [auth_mod.c:312]: auth: qop set, but nonce-count
> (nc_enabled) support disabled
> : INFO: permissions [parse_config.c:251]: file not found:
> /usr/local/etc/kamailio/permissions.allow
> : INFO: permissions [permissions.c:606]: default allow file
> (/usr/local/etc/kamailio/permissions.allow) not found =>  empty rule
> set
> : INFO: permissions [parse_config.c:251]: file not found:
> /usr/local/etc/kamailio/permissions.deny
> :INFO : permissions [permissions.c:615]: default deny file
> (/usr/local/etc/kamailio/permissions.deny) not found =>  empty rule set
>
>
> must i to create this files (permissions.allow, deny) to this module
> works? or is enough with empty rule set, according with documentation
> - there are another options into this module, but i need only enabling
> the trusted ip address part.
>
>
> regards
> pablo umanzor
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- http://www.asipto.com
Kamailio Advanced Training, Dec 5-8, Berlin: http://asipto.com/u/kat
http://linkedin.com/in/miconda -- http://twitter.com/miconda




More information about the sr-users mailing list