Whitelisting on asterisk: Difference between revisions
(Created page with "this is copied from https://www.muchtall.com/2012/05/23/whitelisting-incoming-calls-on-asterisk/. all credits go there. Creating a copy here so I have access internally for n...") |
No edit summary |
||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
this is copied from https://www.muchtall.com/2012/05/23/whitelisting-incoming-calls-on-asterisk/. all credits go there. | '''this is copied from https://www.muchtall.com/2012/05/23/whitelisting-incoming-calls-on-asterisk/. all credits go there.''' | ||
Creating a copy here so I have access internally for non-interconnected systems. | Creating a copy here so I have access internally for non-interconnected systems. | ||
Line 5: | Line 5: | ||
Whitelisting Incoming Calls on Asterisk | Whitelisting Incoming Calls on Asterisk | ||
Here are the rules muchtall used in Asterisk to achieve this goal. First, in extensions.conf, I created a macro for whitelisting: | |||
; Only allows calls from numbers in the whitelist DB | |||
[macro-inbound-whitelist] | |||
exten => s,1,GotoIf(${DB_EXISTS(whitelist/${CALLERID(num)})}?:blacklisted,s,1) | |||
exten => s,2,Dial(${ARG1}) | |||
; Only allows calls from numbers in the whitelist DB | |||
[macro-inbound-whitelist] | |||
exten => s,1,GotoIf(${DB_EXISTS(whitelist/${CALLERID(num)})}?:blacklisted,s,1) | |||
exten => s,2,Dial(${ARG1}) | |||
Then, if you don’t have a blacklisted context already, create one: | Then, if you don’t have a blacklisted context already, create one: | ||
[blacklisted] | [blacklisted] | ||
exten => s,1,Playback(not-taking-your-call) | exten => s,1,Playback(not-taking-your-call) | ||
exten => s,3,Hangup | exten => s,3,Hangup | ||
Next, change your inbound call config to use the inbound-whitelist macro: | Next, change your inbound call config to use the inbound-whitelist macro: | ||
exten => 5551234567,1,Macro(inbound-whitelist,SIP/123) | exten => 5551234567,1,Macro(inbound-whitelist,SIP/123) | ||
exten => 5551234567,2,Hangup | exten => 5551234567,2,Hangup | ||
Reload the asterisk config and make a test call. You should get a recording saying that it (Asterisk) is not taking your call. | Reload the asterisk config and make a test call. You should get a recording saying that it (Asterisk) is not taking your call. | ||
Line 31: | Line 27: | ||
Now add your number to the whitelist: | Now add your number to the whitelist: | ||
asterisk -r | asterisk -r | ||
database put whitelist 5551230000 1 | database put whitelist 5551230000 1 | ||
And do another test call. | And do another test call. | ||
Line 42: | Line 38: | ||
UPDATE: I found that comparing against two whitelists (a customer whitelist, and our support number whitelist) can be handy. Use this line instead if you want similar logic: | UPDATE: I found that comparing against two whitelists (a customer whitelist, and our support number whitelist) can be handy. Use this line instead if you want similar logic: | ||
exten => s,1,GotoIf($[ ${DB_EXISTS(whitelist-${ARG2}/${CALLERID(num)})} | ${DB_EXISTS(whitelist-support/${CALLERID(num)})} ]?:blacklisted,s,1) | exten => s,1,GotoIf($[ | ||
${DB_EXISTS(whitelist-${ARG2}/${CALLERID(num)})} | | |||
${DB_EXISTS(whitelist-support/${CALLERID(num)})} | |||
]?:blacklisted,s,1) | |||
Also with this option, I can treat the whitelist name as an argument in my macro call: | Also with this option, I can treat the whitelist name as an argument in my macro call: | ||
exten => 5551234567,1,Macro(inbound-whitelist,SIP/123,customername) | exten => 5551234567,1,Macro(inbound-whitelist,SIP/123,customername) | ||
In this case, the whitelist DB would be named “whitelist-customername”. | In this case, the whitelist DB would be named “whitelist-customername”. |
Latest revision as of 15:24, 25 May 2019
this is copied from https://www.muchtall.com/2012/05/23/whitelisting-incoming-calls-on-asterisk/. all credits go there.
Creating a copy here so I have access internally for non-interconnected systems.
Whitelisting Incoming Calls on Asterisk
Here are the rules muchtall used in Asterisk to achieve this goal. First, in extensions.conf, I created a macro for whitelisting:
; Only allows calls from numbers in the whitelist DB [macro-inbound-whitelist] exten => s,1,GotoIf(${DB_EXISTS(whitelist/${CALLERID(num)})}?:blacklisted,s,1) exten => s,2,Dial(${ARG1})
Then, if you don’t have a blacklisted context already, create one:
[blacklisted] exten => s,1,Playback(not-taking-your-call) exten => s,3,Hangup
Next, change your inbound call config to use the inbound-whitelist macro:
exten => 5551234567,1,Macro(inbound-whitelist,SIP/123) exten => 5551234567,2,Hangup
Reload the asterisk config and make a test call. You should get a recording saying that it (Asterisk) is not taking your call.
Now add your number to the whitelist:
asterisk -r database put whitelist 5551230000 1
And do another test call.
One last word of warning. I did once run into a condition where our telco provider abruptly stopped sending caller ID through our PRI. When this happens, ALL calls show up as null/blank calling numbers. In these instances, ALL calls to your whitelist-protected extensions will be blocked (at least from outside). To temporarily disable whitelisting until the problem is resolved, simply comment out the “exten => s,1,GotoIf …” line and reload asterisk.
Hopefully this saved someone else out there some time.
UPDATE: I found that comparing against two whitelists (a customer whitelist, and our support number whitelist) can be handy. Use this line instead if you want similar logic:
exten => s,1,GotoIf($[ ${DB_EXISTS(whitelist-${ARG2}/${CALLERID(num)})} | ${DB_EXISTS(whitelist-support/${CALLERID(num)})} ]?:blacklisted,s,1)
Also with this option, I can treat the whitelist name as an argument in my macro call:
exten => 5551234567,1,Macro(inbound-whitelist,SIP/123,customername)
In this case, the whitelist DB would be named “whitelist-customername”.