<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi,<div><br></div><div>Have a look at the permissions module doc, especially the check_source_address() function: <a href="http://www.opensips.org/html/docs/modules/1.9.x/permissions.html#id293797">http://www.opensips.org/html/docs/modules/1.9.x/permissions.html#id293797</a><br><div><div>You need to add the authorized ips to the address table in the db and use check_source_address() to check if the current source ip address is on that table.</div><div>Don't forget to reload the table everytime you make a change (mi command: address_reload)</div><div><br></div><div>Best Regards,</div><div>Vallimamod</div><div>.</div><div><br></div><div><br></div><div><br></div><div>On Aug 30, 2013, at 12:39 PM, Danny Dias <<a href="mailto:ing.diasdanny@gmail.com">ing.diasdanny@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr"><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">sorry, my small script is like this:</div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">
<br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><font face="courier new, monospace" style="font-size:13px">if (check_address("0","192.168.0.35","0","ANY","", "")) {<br>
</font><font face="courier new, monospace" style="font-size:13px"> t_relay();<br></font><font face="courier new, monospace" style="font-size:13px"> }<br></font><font face="courier new, monospace" style="font-size:13px"> else {<br>
</font><font face="courier new, monospace" style="font-size:13px"> sl_send_reply("403", "Forbidden");<br></font><font face="courier new, monospace" style="font-size:13px"> exit;<br>
</font><font face="courier new, monospace" style="font-size:13px"> }</font><br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">
Still receiving the 403<font face="courier new, monospace" style="font-size:13px"><br></font></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><br></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">2013/8/30 Danny Dias <span dir="ltr"><<a href="mailto:ing.diasdanny@gmail.com" target="_blank">ing.diasdanny@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">Finally, </div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">
<br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">I did it like this:</div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">
<br></div><div class="gmail_default"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="courier new, monospace">if (!check_address("0","192.168.0.35","0","ANY","", "")) {<br>
</font><font face="courier new, monospace"> t_relay();<br></font><font face="courier new, monospace"> }<br></font><font face="courier new, monospace"> else {<br></font><font face="courier new, monospace"> sl_send_reply("403", "Forbidden");<br>
</font><font face="courier new, monospace"> exit;<br></font><font face="courier new, monospace"> }</font></blockquote><div><br></div><div><span style="font-family:'trebuchet ms',sans-serif">But now, all the calls from source ip address 192.168.0.35 receive a 403:</span><br>
</div><div><span style="font-family:'trebuchet ms',sans-serif"><br></span></div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<font face="courier new, monospace">U <a href="http://192.168.0.35:3832/" target="_blank">192.168.0.35:3832</a> -> <a href="http://192.168.1.20:5060/" target="_blank">192.168.1.20:5060</a><br></font><font face="courier new, monospace">INVITE <a href="sip:1001@">sip:1001@</a></font><span style="font-family:'courier new',monospace">192.168.1.20</span><font face="courier new, monospace"> SIP/2.0.<br>
</font><font face="courier new, monospace">Via: SIP/2.0/UDP 192.168.1.35:3832;branch=z9hG4bK-d8754z-c4f09d265010a511-1---d8754z-;rport.<br></font><font face="courier new, monospace">Max-Forwards: 70.<br></font><font face="courier new, monospace">Contact: <<a href="http://sip:1000@192.168.0.35:3832/" target="_blank">sip:1000@192.168.0.35:3832</a>>.<br>
</font><font face="courier new, monospace">To: <<a href="mailto:sip%3A1001@192.168.1.20" target="_blank">sip:1001@192.168.1.20</a>>.<br></font><font face="courier new, monospace">From: "1000"<<a href="sip:1000@">sip:1000@</a></font><span style="font-family:'courier new',monospace">192.168.1.20</span><font face="courier new, monospace">>;tag=6be1ed13.<br>
</font><font face="courier new, monospace">Call-ID: ZGZiMjEwMzFjZjRkNDFmMzdhZGJkNTgxYzlmYjE4MTY.<br></font><font face="courier new, monospace">CSeq: 1 INVITE.<br></font><font face="courier new, monospace">Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO.<br>
</font><font face="courier new, monospace">Content-Type: application/sdp.<br></font><font face="courier new, monospace">Supported: replaces.<br></font><font face="courier new, monospace">User-Agent: Bria 3 release 3.5.3 stamp 70600.<br>
</font><font face="courier new, monospace">Content-Length: 208.<br></font><font face="courier new, monospace">.<br></font><font face="courier new, monospace">v=0.<br></font><font face="courier new, monospace">o=- 1377858559536092 1 IN IP4 192.168.0.35.<br>
</font><font face="courier new, monospace">s=Bria 3 release 3.5.3 stamp 70600.<br></font><font face="courier new, monospace">c=IN IP4 192.168.0.35.<br></font><font face="courier new, monospace">t=0 0.<br></font><font face="courier new, monospace">m=audio 53766 RTP/AVP 8 0 101.<br>
</font><font face="courier new, monospace">a=rtpmap:101 telephone-event/8000.<br></font><font face="courier new, monospace">a=fmtp:101 0-15.<br></font><font face="courier new, monospace">a=sendrecv.</font><font face="courier new, monospace"><br>
</font><font face="courier new, monospace"><br></font><font face="courier new, monospace">U <a href="http://192.168.1.20:5060/" target="_blank">192.168.1.20:5060</a> -> <a href="http://192.168.0.35:3832/" target="_blank">192.168.0.35:3832</a><br>
</font><font face="courier new, monospace">SIP/2.0 403 Forbidden.<br>
</font><font face="courier new, monospace">Via: SIP/2.0/UDP 192.168.0.35:3832;received=192.168.0.35;branch=z9hG4bK-d8754z-c4f09d265010a511-1---d8754z-;rport=3832.<br></font><font face="courier new, monospace">To: <<a href="mailto:sip%3A1001@192.168.1.20" target="_blank">sip:1001@192.168.1.20</a>>;tag=7ff88f74df89822193682e3f23116cc8.59de.<br>
</font><font face="courier new, monospace">From: "1000"<<a href="mailto:sip%3A1000@192.168.1.20" target="_blank">sip:1000@192.168.1.20</a>>;tag=6be1ed13.<br></font><font face="courier new, monospace">Call-ID: ZGZiMjEwMzFjZjRkNDFmMzdhZGJkNTgxYzlmYjE4MTY.<br>
</font><font face="courier new, monospace">CSeq: 1 INVITE.<br></font><font face="courier new, monospace">Server: OpenSIPS (1.9.1-notls (i386/linux)).<br></font><font face="courier new, monospace">Content-Length: 0.</font></blockquote>
</div><div><span style="font-family:'trebuchet ms',sans-serif"><br></span></div><div><span style="font-family:'trebuchet ms',sans-serif"><br></span></div><div> </div></div></div><div class="HOEnZb"><div class="h5">
<div class="gmail_extra"><br>
<br><div class="gmail_quote">2013/8/30 Danny Dias <span dir="ltr"><<a href="mailto:ing.diasdanny@gmail.com" target="_blank">ing.diasdanny@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">So, </div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><br>
</div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">It would be something like this (not quite sure...):</div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">
<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="courier new, monospace">route {<br>
</font><font face="courier new, monospace">if (check_address("0","192.168.2.135","0","ANY","", "")) {<br>
</font><font face="courier new, monospace">t_relay();<br></font><font face="courier new, monospace">else if (sl_send_reply("403", "Forbidden"));<br></font><font face="courier new, monospace">exit;<br>
</font><font face="courier new, monospace">}</font></blockquote>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="courier new, monospace">.<br></font><font face="courier new, monospace">.</font></blockquote>
<div class="gmail_default"><font face="trebuchet ms, sans-serif"><br></font></div><div class="gmail_default"><font face="trebuchet ms, sans-serif">In this small script at the very begining of route script, i will only permit calls from ip "192.168.2.135", any other ip, will receive a 403. Am i right?</font></div>
<div class="gmail_default"><font face="trebuchet ms, sans-serif"><br></font></div><div class="gmail_default"><font face="trebuchet ms, sans-serif">Thanks</font></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">
<br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><br></div>
<div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">
<br></div></div><div class="gmail_extra"><div><br><br><div class="gmail_quote">2013/8/30 Víctor Fernández Martínez <span dir="ltr"><<a href="mailto:vfernandez@barracuda.com" target="_blank">vfernandez@barracuda.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Danny,<br>
<br>
You can check the source IP address using $si and send a forbidden response if<br>
it doesn't match your needs.<br>
<br>
Best regards.<br>
<div><br>
<br>
<br>
On Friday 30 August 2013 03:48:25 Danny Días wrote:<br>
> Hi,<br>
><br>
> I need to configure OpenSIPS to only accept calls from 1 IP address and<br>
> without any kind of authentication (no password required for clients); i<br>
> wonder if there's a function in OpenSIPS to accomplish this?<br>
><br>
> Thanks so much<br>
<br>
<br>
</div>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote></div><br><br clear="all"><div><br></div></div><span><font color="#888888">-- <br><div dir="ltr"><div><font><font face="trebuchet ms, sans-serif"><b>SIP:</b> </font><a href="http://www.danntel.net/?page_id=189" style="font-family:'trebuchet ms',sans-serif" target="_blank">danny@voice.danntel.net</a></font></div>
<font><font face="trebuchet ms, sans-serif"><b>Web: </b></font><a href="http://www.danntel.net/" style="font-family:'trebuchet ms',sans-serif" target="_blank">http://www.danntel.net</a></font></div>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div><font><font face="trebuchet ms, sans-serif"><b>SIP:</b> </font><a href="http://www.danntel.net/?page_id=189" style="font-family:'trebuchet ms',sans-serif" target="_blank">danny@voice.danntel.net</a></font></div>
<font><font face="trebuchet ms, sans-serif"><b>Web: </b></font><a href="http://www.danntel.net/" style="font-family:'trebuchet ms',sans-serif" target="_blank">http://www.danntel.net</a></font></div>
</div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div><font><font face="trebuchet ms, sans-serif"><b>SIP:</b> </font><a href="http://www.danntel.net/?page_id=189" style="font-family:'trebuchet ms',sans-serif" target="_blank">danny@voice.danntel.net</a></font></div>
<font><font face="trebuchet ms, sans-serif"><b>Web: </b></font><a href="http://www.danntel.net/" style="font-family:'trebuchet ms',sans-serif" target="_blank">http://www.danntel.net</a></font></div>
</div>
_______________________________________________<br>Users mailing list<br><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>http://lists.opensips.org/cgi-bin/mailman/listinfo/users<br></blockquote></div><br></div></body></html>