<div dir="ltr">Daniel,<br><br>Thank you. It works.<br></div><br><div class="gmail_quote"><div dir="ltr">чт, 15 сент. 2016 г. в 15:07, Daniel-Constantin Mierla <<a href="mailto:miconda@gmail.com">miconda@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
<p class="gmail_msg">Hello,<br class="gmail_msg">
</p></div><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
<br class="gmail_msg">
<div class="m_-1902934627768388913moz-cite-prefix gmail_msg">On 14/09/16 09:49, Ivan Dudko wrote:<br class="gmail_msg">
</div>
<blockquote type="cite" class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_quote gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div class="gmail_msg">Hello!<br class="gmail_msg">
<br class="gmail_msg">
</div>
<div class="gmail_msg">I am new to kamailio and trying to use it vanilla
config.<br class="gmail_msg">
</div>
<div class="gmail_msg">Now main question is how to use ip based auth.<br class="gmail_msg">
</div>
<div class="gmail_msg">I found recent post of Daniel-Constantin Mierla:</div>
<div class="gmail_msg"><a href="http://lists.sip-router.org/pipermail/sr-users/2011-December/071147.html" class="gmail_msg" target="_blank">http://lists.sip-router.org/pipermail/sr-users/2011-December/071147.html</a><br class="gmail_msg">
</div>
<div class="gmail_msg">Here he recommends to use 'address' table from
permissions module,<br class="gmail_msg">
</div>
<div class="gmail_msg"><br class="gmail_msg">
I try yo use advice and add this lines at config begin:<br class="gmail_msg">
#!define WITH_MYSQL <br class="gmail_msg">
#!define DBURL
"mysql://kamailio:kamailiorw@localhost/kamailio" <br class="gmail_msg">
#!define WITH_AUTH <br class="gmail_msg">
#!define WITH_IPAUTH<br class="gmail_msg">
#!define WITH_USRLOCDB<br class="gmail_msg">
<br class="gmail_msg">
</div>
<div class="gmail_msg">Database is created and kamailio can access it.<br class="gmail_msg">
</div>
<div class="gmail_msg">I am add user 1000 to kamailio via kamctl and
successful register it with soft-phone.<br class="gmail_msg">
</div>
<div class="gmail_msg">I create trunk without registration to kamailio on
asterisk server. And trying to call from asterisk to
user 1000. Call is successful. I try to create file
/etc/kamailio/permissions.deny with content 'ALL : ALL'.
And retry previous call. It still sucessful. I try to
add record with asterisk address to 'address' table with
group 1. And retry previous call. It still sucessful.<br class="gmail_msg">
<br class="gmail_msg">
</div>
<div class="gmail_msg">I am confused. I do not now how to disable any
address for ip_auth except if it in the <br class="gmail_msg">
'address' table. And allow any address with if it
request kamailio with registration.<br class="gmail_msg">
</div>
<div class="gmail_msg"><br class="gmail_msg">
</div>
</div>
</div>
</div>
</div>
</blockquote></div><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
forget about the /etc/kamailio/*.deny or *.allow files, they are not
related to IP matching with address table at all.<br class="gmail_msg">
<br class="gmail_msg">
If you want to deny traffic from ip addresses stored in address
table with grp 10, then do:<br class="gmail_msg">
<br class="gmail_msg">
if(allow_source_address("10")) {<br class="gmail_msg">
send_reply("403", "Forbidden");<br class="gmail_msg">
exit;<br class="gmail_msg">
}<br class="gmail_msg">
<br class="gmail_msg">
If you want to allow traffic only from ip addresses stored in
address table with grp 10, then negate the condition, do:<br class="gmail_msg">
<br class="gmail_msg">
if( ! allow_source_address("10")) {<br class="gmail_msg">
send_reply("403", "Forbidden");<br class="gmail_msg">
exit;<br class="gmail_msg">
}<br class="gmail_msg">
<br class="gmail_msg">
Cheers,<br class="gmail_msg">
Daniel</div><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg"><br class="gmail_msg">
<pre class="m_-1902934627768388913moz-signature gmail_msg" cols="72">--
Daniel-Constantin Mierla
<a class="m_-1902934627768388913moz-txt-link-freetext gmail_msg" href="http://www.asipto.com" target="_blank">http://www.asipto.com</a> - <a class="m_-1902934627768388913moz-txt-link-freetext gmail_msg" href="http://www.kamailio.org" target="_blank">http://www.kamailio.org</a>
<a class="m_-1902934627768388913moz-txt-link-freetext gmail_msg" href="http://twitter.com/#!/miconda" target="_blank">http://twitter.com/#!/miconda</a> - <a class="m_-1902934627768388913moz-txt-link-freetext gmail_msg" href="http://www.linkedin.com/in/miconda" target="_blank">http://www.linkedin.com/in/miconda</a></pre>
</div>
_______________________________________________<br class="gmail_msg">
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br class="gmail_msg">
<a href="mailto:sr-users@lists.sip-router.org" class="gmail_msg" target="_blank">sr-users@lists.sip-router.org</a><br class="gmail_msg">
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br class="gmail_msg">
</blockquote></div>