Difference between revisions of "Blacklist or whitelist"
Jump to navigation
Jump to search
m (Wd6awp moved page Blacklist to Blacklist or whitelist without leaving a redirect) |
|||
| Line 1: | Line 1: | ||
| − | Occasionally it becomes necessary to block a poorly operating node. | + | Occasionally it becomes necessary to limit connections to your node. The blacklist is used block a poorly operating node or small number of nodes. The whitelist allows only listed notes to connect. |
| + | It's very easy to manage both list with these Asterisk CLI commands: | ||
* database put blacklist 1998 "any comment" | * database put blacklist 1998 "any comment" | ||
* database del blacklist 1998 | * database del blacklist 1998 | ||
* database show blacklist | * database show blacklist | ||
| + | * database put whitelist 1000 "any comment" | ||
| + | * database del whitelist 1000 | ||
| + | * database show whitelist | ||
| + | * database show | ||
==Blacklist Configuration== | ==Blacklist Configuration== | ||
| Line 22: | Line 27: | ||
exten => _XXXX!,n,GotoIf($[${DB_EXISTS(blacklist/${CALLERID(num)})}]?blocked) | exten => _XXXX!,n,GotoIf($[${DB_EXISTS(blacklist/${CALLERID(num)})}]?blocked) | ||
exten => _XXXX!,n,Goto(radio-secure,${EXTEN},1) | exten => _XXXX!,n,Goto(radio-secure,${EXTEN},1) | ||
| − | exten => _XXXX!,n(blocked),Hangup; | + | exten => _XXXX!,n(blocked),Hangup |
| + | |||
| + | [whitelist] | ||
| + | exten => _XXXX!,1,NoOp(${CALLERID(num)}) | ||
| + | exten => _XXXX!,n,NoOp(${IAXPEER(CURRENTCHANNEL)}) | ||
| + | exten => _XXXX!,n,GotoIf($["${IAXPEER(CURRENTCHANNEL)}" = "127.0.0.1"]?radio-secure,${EXTEN},1) ;permit local IPs | ||
| + | exten => _XXXX!,n,GotoIf($[${DB_EXISTS(whitelist/${CALLERID(num)})}]?radio-secure,${EXTEN},1) | ||
| + | exten => _XXXX!,n,Hangup | ||
</pre> | </pre> | ||
| − | In iax.conf modify the [radio] context by commenting context = | + | In iax.conf modify the [radio] context by adding and/or commenting context = lines. |
<pre> | <pre> | ||
[radio] | [radio] | ||
| Line 35: | Line 47: | ||
codecpriority = host | codecpriority = host | ||
;context = radio-secure | ;context = radio-secure | ||
| + | ;context = whitelist | ||
context = blacklist | context = blacklist | ||
transfer = no | transfer = no | ||
</pre> | </pre> | ||
| + | |||
| + | ''Notes'': Neither list blocks outbound connections. Both lists cannot be used at the same time and apply to all nodes on the server. | ||
[[Category:How to]] | [[Category:How to]] | ||
[[Category:Node Configuration]] | [[Category:Node Configuration]] | ||
Revision as of 19:56, 15 October 2017
Occasionally it becomes necessary to limit connections to your node. The blacklist is used block a poorly operating node or small number of nodes. The whitelist allows only listed notes to connect.
It's very easy to manage both list with these Asterisk CLI commands:
- database put blacklist 1998 "any comment"
- database del blacklist 1998
- database show blacklist
- database put whitelist 1000 "any comment"
- database del whitelist 1000
- database show whitelist
- database show
Blacklist Configuration
Add this to extensions.conf just below the [radio-secure] context.
[radio-secure]
...
; To add a node to the blacklist:
; database put blacklist 1998 “any comment”
; to remove:
; database del blacklist 1998
; to list
; database show blacklist
[blacklist]
exten => _XXXX!,1,NoOp(${CALLERID(num)})
exten => _XXXX!,n,GotoIf($[${DB_EXISTS(blacklist/${CALLERID(num)})}]?blocked)
exten => _XXXX!,n,Goto(radio-secure,${EXTEN},1)
exten => _XXXX!,n(blocked),Hangup
[whitelist]
exten => _XXXX!,1,NoOp(${CALLERID(num)})
exten => _XXXX!,n,NoOp(${IAXPEER(CURRENTCHANNEL)})
exten => _XXXX!,n,GotoIf($["${IAXPEER(CURRENTCHANNEL)}" = "127.0.0.1"]?radio-secure,${EXTEN},1) ;permit local IPs
exten => _XXXX!,n,GotoIf($[${DB_EXISTS(whitelist/${CALLERID(num)})}]?radio-secure,${EXTEN},1)
exten => _XXXX!,n,Hangup
In iax.conf modify the [radio] context by adding and/or commenting context = lines.
[radio] type = user disallow = all allow = ulaw allow = adpcm allow = gsm codecpriority = host ;context = radio-secure ;context = whitelist context = blacklist transfer = no
Notes: Neither list blocks outbound connections. Both lists cannot be used at the same time and apply to all nodes on the server.