ACL
From FreeSWITCH Wiki
ACL
ACL stands for Access Control List and is a list of permissions associated with an object. The list shows who or what is allowed to access the object.
Configuration
See acl.conf.xml
Users
Users in the directory can have "auth-acl" parameters applied to them to restrict a user's access to a predefined ACL or a CIDR.
<param name="auth-acl" value="1.2.3.0/8"/>
Note: this requires "auth-calls" to be set to true in your SIP profile.
Example:
<include>
  <user id="1000" mailbox="1000">
    <params>
      <param name="password" value="1234"/>
      <param name="vm-password" value="1000"/>
      <param name="auth-acl" value="1.2.3.0/8"/>
    </params>
    <variables>
      <variable name="accountcode" value="1000"/>
      <variable name="user_context" value="default"/>
      <variable name="effective_caller_id_name" value="Extension 1000"/>
      <variable name="effective_caller_id_number" value="1000"/>
    </variables>
  </user>
</include>
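Added example (not part of the original wiki page or of FreeSWITCH itself): a Python audit of directory XML that reports what each "auth-acl" value actually covers. It assumes standard CIDR matching, where only the prefix length decides the range, so a value such as 1.2.3.0/8 is reported as 1.0.0.0/8. Users 1001 to 1003 and the function name are constructed for the illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample directory, modelled on the user entry shown above.
SAMPLE = """<include>
  <user id="1000"><params>
    <param name="password" value="1234"/>
    <param name="auth-acl" value="1.2.3.0/8"/>
  </params></user>
  <user id="1001"><params>
    <param name="auth-acl" value="192.168.42.0/24"/>
  </params></user>
  <user id="1002"><params>
    <param name="auth-acl" value="list_foo"/>
  </params></user>
  <user id="1003"><params/></user>
</include>"""


def audit_auth_acl(xml_text):
    """Return {user id: finding} for every <user> in a directory fragment."""
    findings = {}
    for user in ET.fromstring(xml_text).iter("user"):
        param = user.find("./params/param[@name='auth-acl']")
        if param is None:
            # No auth-acl: this user is not restricted by source address.
            findings[user.get("id")] = {"kind": "none"}
            continue
        value = param.get("value", "")
        try:
            # Assumption: standard CIDR semantics, the prefix alone sets the range.
            iface = ipaddress.ip_interface(value)
        except ValueError:
            # Not a CIDR: treat it as the name of a list in acl.conf.xml.
            findings[user.get("id")] = {"kind": "list", "name": value}
            continue
        net = iface.network  # host bits masked off
        findings[user.get("id")] = {
            "kind": "cidr",
            "effective": str(net),
            "addresses": net.num_addresses,
            # True when the written address is not the network address,
            # which usually means the prefix length is a typo.
            "host_bits_set": iface.ip != net.network_address,
        }
    return findings


if __name__ == "__main__":
    for uid, finding in audit_auth_acl(SAMPLE).items():
        print(uid, finding)
```

A "host_bits_set" finding on a short prefix is worth a review: the entry may admit far more source addresses than the written address suggests.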
Services
Event Socket
See Event Socket
Sofia
See Sofia
Apps
check_acl
This dialplan function will allow you to check an ACL and route by it.
check_acl <ip> <acl | cidr> [<hangup_cause>]
hangup_cause defaults to rejected (see Hangup causes)
<action application="check_acl" data="${network_addr} foo normal_clearing"/>
<action application="check_acl" data="${network_addr} 1.2.3.0/8 normal_clearing"/>
API Commands
reloadacl
reloadacl [<reloadxml>]
sip_profiles
In your SIP profiles, you can use the following lines to apply the ACL setting to incoming requests:
<param name="apply-inbound-acl" value="<acl_list|cidr>"/>
<param name="apply-register-acl" value="<acl_list|cidr>"/>
acl
acl <ip> <list|net>
freeswitch@mybox> acl 192.168.42.42 192.168.42.0/24
freeswitch@mybox> acl 192.168.42.42 list_foo
For the second line, 'list_foo' refers to the list name that you specify in acl.conf.xml.
