Whitelisting on asterisk

From lippmann wiki
Jump to navigation Jump to search

this is copied from https://www.muchtall.com/2012/05/23/whitelisting-incoming-calls-on-asterisk/. all credits go there.

Creating a copy here so I have access internally for non-interconnected systems.

Whitelisting Incoming Calls on Asterisk

Here are the rules muchtall used in Asterisk to achieve this goal. First, in extensions.conf, I created a macro for whitelisting:

; Only allows calls from numbers in the whitelist DB
[macro-inbound-whitelist]
exten => s,1,GotoIf(${DB_EXISTS(whitelist/${CALLERID(num)})}?:blacklisted,s,1)
exten => s,2,Dial(${ARG1})

Then, if you don’t have a blacklisted context already, create one:

[blacklisted]
exten => s,1,Playback(not-taking-your-call)
exten => s,3,Hangup

Next, change your inbound call config to use the inbound-whitelist macro:

exten => 5551234567,1,Macro(inbound-whitelist,SIP/123)
exten => 5551234567,2,Hangup

Reload the asterisk config and make a test call. You should get a recording saying that it (Asterisk) is not taking your call.

Now add your number to the whitelist:

asterisk -r
database put whitelist 5551230000 1

And do another test call.

One last word of warning. I did once run into a condition where our telco provider abruptly stopped sending caller ID through our PRI. When this happens, ALL calls show up as null/blank calling numbers. In these instances, ALL calls to your whitelist-protected extensions will be blocked (at least from outside). To temporarily disable whitelisting until the problem is resolved, simply comment out the “exten => s,1,GotoIf …” line and reload asterisk.

Hopefully this saved someone else out there some time.

UPDATE: I found that comparing against two whitelists (a customer whitelist, and our support number whitelist) can be handy. Use this line instead if you want similar logic:

exten => s,1,GotoIf($[
${DB_EXISTS(whitelist-${ARG2}/${CALLERID(num)})} |
${DB_EXISTS(whitelist-support/${CALLERID(num)})}
]?:blacklisted,s,1)

Also with this option, I can treat the whitelist name as an argument in my macro call:

exten => 5551234567,1,Macro(inbound-whitelist,SIP/123,customername)

In this case, the whitelist DB would be named “whitelist-customername”.