Re: [SR-Users] Permissions module question

Mon, 05 Dec 2011 11:49:10 -0800 

Hello,
for pure IP based auth, it is better to use 'address' table from permission module instead of trusted table. 


You have to add the trusted IP addresses in address table with grp=1 and 
in the config file have a condition like:


if(allow_source_address()) {
   # source IP is in address table
   ...
}

Cheers,
Daniel

On 12/5/11 4:47 AM, pablo umanzor wrote:

hi, recently i've implemented the module antiflood into kamailio
(3.1.5 from GIT) ,the module works and i can see the ip banned with

kamctl fifo sht_dump ipban

now, when i try to allocate a trusted ip address with permissions module

#!ifdef WITH_IPAUTH
modparam("permissions", "db_url", DBURL)
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")
#!endif
--------------

  if(src_ip!=TRUSTEDIP)

then i make a sipsak flood test from ip address 1.2.3.4 , but the ip
address entered before into trusted table  (1.2.3.4 ) again is banned
with antiflood module

syslog file

: INFO: auth [auth_mod.c:312]: auth: qop set, but nonce-count
(nc_enabled) support disabled
: INFO: permissions [parse_config.c:251]: file not found:
/usr/local/etc/kamailio/permissions.allow
: INFO: permissions [permissions.c:606]: default allow file
(/usr/local/etc/kamailio/permissions.allow) not found =>  empty rule
set
: INFO: permissions [parse_config.c:251]: file not found:
/usr/local/etc/kamailio/permissions.deny
:INFO : permissions [permissions.c:615]: default deny file
(/usr/local/etc/kamailio/permissions.deny) not found =>  empty rule set


must i to create this files (permissions.allow, deny) to this module
works? or is enough with empty rule set, according with documentation
- there are another options into this module, but i need only enabling
the trusted ip address part.


regards
pablo umanzor

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


--
Daniel-Constantin Mierla -- http://www.asipto.com
Kamailio Advanced Training, Dec 5-8, Berlin: http://asipto.com/u/kat
http://linkedin.com/in/miconda -- http://twitter.com/miconda


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users






















					Reply via email to