<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello,<br>
</p>
<br>
<div class="moz-cite-prefix">On 14/09/16 09:49, Ivan Dudko wrote:<br>
</div>
<blockquote
cite="mid:CAMY-Hu_rTBkMJFSFmwOzierMxs=b7j5FqF2ZQ78iuLe1BucbdQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">
<div>
<div>Hello!<br>
<br>
</div>
<div>I am new to kamailio and trying to use it vanilla
config.<br>
</div>
<div>Now main question is how to use ip based auth.<br>
</div>
<div>I found recent post of Daniel-Constantin Mierla:</div>
<div><a moz-do-not-send="true"
href="http://lists.sip-router.org/pipermail/sr-users/2011-December/071147.html"
target="_blank">http://lists.sip-router.org/pipermail/sr-users/2011-December/071147.html</a><br>
</div>
<div>Here he recommends to use 'address' table from
permissions module,<br>
</div>
<div><br>
I try yo use advice and add this lines at config begin:<br>
#!define WITH_MYSQL <br>
#!define DBURL
"mysql://kamailio:kamailiorw@localhost/kamailio" <br>
#!define WITH_AUTH <br>
#!define WITH_IPAUTH<br>
#!define WITH_USRLOCDB<br>
<br>
</div>
<div>Database is created and kamailio can access it.<br>
</div>
<div>I am add user 1000 to kamailio via kamctl and
successful register it with soft-phone.<br>
</div>
<div>I create trunk without registration to kamailio on
asterisk server. And trying to call from asterisk to
user 1000. Call is successful. I try to create file
/etc/kamailio/permissions.deny with content 'ALL : ALL'.
And retry previous call. It still sucessful. I try to
add record with asterisk address to 'address' table with
group 1. And retry previous call. It still sucessful.<br>
<br>
</div>
<div>I am confused. I do not now how to disable any
address for ip_auth except if it in the <br>
'address' table. And allow any address with if it
request kamailio with registration.<br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
forget about the /etc/kamailio/*.deny or *.allow files, they are not
related to IP matching with address table at all.<br>
<br>
If you want to deny traffic from ip addresses stored in address
table with grp 10, then do:<br>
<br>
if(allow_source_address("10")) {<br>
send_reply("403", "Forbidden");<br>
exit;<br>
}<br>
<br>
If you want to allow traffic only from ip addresses stored in
address table with grp 10, then negate the condition, do:<br>
<br>
if( ! allow_source_address("10")) {<br>
send_reply("403", "Forbidden");<br>
exit;<br>
}<br>
<br>
Cheers,<br>
Daniel<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a> - <a class="moz-txt-link-freetext" href="http://www.kamailio.org">http://www.kamailio.org</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a></pre>
</body>
</html>