Difference between revisions of "Blacklist or whitelist"

From "PTTLink Wiki"
Jump to navigation Jump to search
Line 13: Line 13:
 
** database show
 
** database show
  
WA3DSP [[https://hamvoip.org/downloads/node-ban-allow.sh menu script]] for above commands.  
+
WA3DSP [https://hamvoip.org/downloads/node-ban-allow.sh menu script] for above commands.  
  
 
==Blacklist Configuration==
 
==Blacklist Configuration==

Revision as of 22:08, 16 October 2017

Occasionally it becomes necessary to limit connections to your node. With this configuration you can either blacklist (block) or whitelist (allow) inbound connections. Outbound connections are not blocked.

It's very easy to manage both lists with these Asterisk CLI commands:

  • Blacklist
    • database put blacklist 1998 "any comment"
    • database del blacklist 1998
    • database show blacklist
  • Whitelist
    • database put whitelist 1000 "any comment"
    • database del whitelist 1000
    • database show whitelist
  • Both
    • database show

WA3DSP menu script for above commands.

Blacklist Configuration

Add this to extensions.conf just below the [radio-secure] context.

[radio-secure]
...

; To add a node to the blacklist: 
; database put blacklist 1998 “any comment”
; to remove:
; database del blacklist 1998
; to list
; database show blacklist
 
[blacklist]
exten => _XXXX!,1,NoOp(${CALLERID(num)})
exten => _XXXX!,n,GotoIf($[${DB_EXISTS(blacklist/${CALLERID(num)})}]?blocked)
exten => _XXXX!,n,Goto(radio-secure,${EXTEN},1)
exten => _XXXX!,n(blocked),Hangup

[whitelist]
exten => _XXXX!,1,NoOp(${CALLERID(num)})
exten => _XXXX!,n,NoOp(${IAXPEER(CURRENTCHANNEL)})
exten => _XXXX!,n,GotoIf($["${IAXPEER(CURRENTCHANNEL)}" = "127.0.0.1"]?radio-secure,${EXTEN},1)  ;permit local IPs
exten => _XXXX!,n,GotoIf($[${DB_EXISTS(whitelist/${CALLERID(num)})}]?radio-secure,${EXTEN},1)
exten => _XXXX!,n,Hangup

In iax.conf modify the [radio] context by adding and/or commenting context = lines.

[radio]
type = user
disallow = all
allow = ulaw
allow = adpcm
allow = gsm
codecpriority = host
;context = radio-secure
;context = whitelist
context = blacklist
transfer = no

Note: Only one list can be used at a same time and it applies to all nodes on the server. If using the whitelist all nodes on the local server (127.0.0.1) are allowed.