Difference between revisions of "Blacklist or whitelist"
m |
|||
(2 intermediate revisions by one other user not shown) | |||
Line 57: | Line 57: | ||
== Web Portal == | == Web Portal == | ||
− | If you want to have a blacklist for the web portal users you will need to modify the [ | + | If you want to have a blacklist for the web portal users you will need to modify the [pttlink-public] context in extentions.conf |
<pre> | <pre> | ||
− | [ | + | [pttlink-public] |
exten => s,1,Ringing | exten => s,1,Ringing | ||
− | exten => s,n,Set(RESP=${CURL(https://register. | + | exten => s,n,Set(RESP=${CURL(https://register.pttlink.org/cgi-bin/authwebphone.pl?${CALLERID(name)})}) |
exten => s,n,Set(NODENUM=${CALLERID(number)}) | exten => s,n,Set(NODENUM=${CALLERID(number)}) | ||
exten => s,n,GotoIf($["${RESP:0:1}" = "?"]?hangit) | exten => s,n,GotoIf($["${RESP:0:1}" = "?"]?hangit) | ||
Line 84: | Line 84: | ||
exten => s,n(blacklisted),Wait(1) | exten => s,n(blacklisted),Wait(1) | ||
exten => s,n(blacklisted),Hangup | exten => s,n(blacklisted),Hangup | ||
− | <pre> | + | </pre> |
Whitelist is not implemented here, but it should be easy to do | Whitelist is not implemented here, but it should be easy to do | ||
To block a web-portal user you will need to add the callsign in capital letters to the blacklist. | To block a web-portal user you will need to add the callsign in capital letters to the blacklist. | ||
− | + | * <code>*CLI> database put blacklist KM6RPT "no comment"</code> | |
Latest revision as of 16:00, 1 January 2021
Occasionally it becomes necessary to limit connections to your node. With this configuration you can either blacklist (block) or whitelist (allow) inbound connections. Outbound connections are not blocked. Only one list can be used at a same time and it applies to all nodes on the server. If using the whitelist all nodes on the local server (127.0.0.1) are allowed. The lists are managed with these Asterisk CLI commands:
- Blacklist
*CLI> database put blacklist 1998 "any comment"
*CLI> database del blacklist 1998
*CLI> database show blacklist
- Whitelist
*CLI> database put whitelist 1000 "any comment"
*CLI> database del whitelist 1000
*CLI> database show whitelist
- Both
*CLI> database show
Note: WA3DSP wrote a menu script for the above commands.
Blacklist Configuration
Add this to extensions.conf just below the [radio-secure] context.
[radio-secure] ... ; To add a node to the blacklist: ; database put blacklist 1998 “any comment” ; to remove: ; database del blacklist 1998 ; to list ; database show blacklist [blacklist] exten => _XXXX!,1,NoOp(${CALLERID(num)}) exten => _XXXX!,n,GotoIf($[${DB_EXISTS(blacklist/${CALLERID(num)})}]?blocked) exten => _XXXX!,n,Goto(radio-secure,${EXTEN},1) exten => _XXXX!,n(blocked),Hangup [whitelist] exten => _XXXX!,1,NoOp(${CALLERID(num)}) exten => _XXXX!,n,NoOp(${IAXPEER(CURRENTCHANNEL)}) exten => _XXXX!,n,GotoIf($["${IAXPEER(CURRENTCHANNEL)}" = "127.0.0.1"]?radio-secure,${EXTEN},1) ;permit local IPs exten => _XXXX!,n,GotoIf($[${DB_EXISTS(whitelist/${CALLERID(num)})}]?radio-secure,${EXTEN},1) exten => _XXXX!,n,Hangup
In iax.conf modify the [radio] context by adding and/or commenting context = lines.
[radio] type = user disallow = all allow = ulaw allow = adpcm allow = gsm codecpriority = host ;context = radio-secure ;context = whitelist context = blacklist transfer = no
Web Portal
If you want to have a blacklist for the web portal users you will need to modify the [pttlink-public] context in extentions.conf
[pttlink-public] exten => s,1,Ringing exten => s,n,Set(RESP=${CURL(https://register.pttlink.org/cgi-bin/authwebphone.pl?${CALLERID(name)})}) exten => s,n,Set(NODENUM=${CALLERID(number)}) exten => s,n,GotoIf($["${RESP:0:1}" = "?"]?hangit) exten => s,n,GotoIf($["${RESP:0:1}" = ""]?hangit) exten => s,n,GotoIf($["${RESP:0:5}" != "OHYES"]?hangit) exten => s,n,Set(CALLSIGN=${RESP:5}) exten => s,n,Wait(3) exten => s,n,Playback(rpt/node|noanswer) exten => s,n,Saydigits(${NODENUM}) exten => s,n,Set(CALLERID(name)=${CALLSIGN}) exten => s,n,Set(CALLERID(num)=0) exten => s,n,GotoIf($[${DB_EXISTS(blacklist/${CALLERID(name)})}]?blacklisted) exten => s,n,Rpt(${NODENUM}|X) exten => s,n,Hangup exten => s,n(hangit),Answer exten => s,n(hangit),Wait(1) exten => s,n(hangit),Hangup exten => s,n(blacklisted),Playback(privacy-you-are-blacklisted) exten => s,n(blacklisted),Playback(goodbye) exten => s,n(blacklisted),Wait(1) exten => s,n(blacklisted),Hangup
Whitelist is not implemented here, but it should be easy to do
To block a web-portal user you will need to add the callsign in capital letters to the blacklist.
*CLI> database put blacklist KM6RPT "no comment"