Whitelisting on asterisk
this is copied from https://www.muchtall.com/2012/05/23/whitelisting-incoming-calls-on-asterisk/. all credits go there.
Creating a copy here so I have access internally for non-interconnected systems.
Whitelisting Incoming Calls on Asterisk
For some reason, this is a topic that I couldn’t seem to find a simple HOWTO online for, so I had to create my own.
I ran into a situation where I have a large number of auto-answering intercom boxes connected to an Asterisk system. The intercoms are programmed to pick up immediately upon ringing, allowing the caller to communicate with the room’s occupant without any action taken by the occupant. These intercom lines are assigned a DID number from the outside world in a large metro area. See the problem? The occupants were getting a number of calls from locals whom had dialed the wrong number. Sometimes the caller wouldn’t hear a response, so they’d call back repeatedly, to the irritation of the occupant. For our scenario, blacklisting wasn’t a good option. In metro areas, misdialed numbers are common, and rarely from the same person. I needed to only allow a handful (~20-50) of callers that we knew would be calling the intercoms legitimately. Furthermore, it would be useful to have a notice played for a blocked caller to that they knew either to not try calling again, or to contact us to whitelist the number.
Here are the rules I used in Asterisk to achieve this goal. First, in extensions.conf, I created a macro for whitelisting:
; Only allows calls from numbers in the whitelist DB [macro-inbound-whitelist] exten => s,1,GotoIf(${DB_EXISTS(whitelist/${CALLERID(num)})}?:blacklisted,s,1) exten => s,2,Dial(${ARG1})
Then, if you don’t have a blacklisted context already, create one:
[blacklisted] exten => s,1,Playback(not-taking-your-call) exten => s,3,Hangup
Next, change your inbound call config to use the inbound-whitelist macro:
exten => 5551234567,1,Macro(inbound-whitelist,SIP/123) exten => 5551234567,2,Hangup
Reload the asterisk config and make a test call. You should get a recording saying that it (Asterisk) is not taking your call.
Now add your number to the whitelist:
asterisk -r database put whitelist 5551230000 1
And do another test call.
One last word of warning. I did once run into a condition where our telco provider abruptly stopped sending caller ID through our PRI. When this happens, ALL calls show up as null/blank calling numbers. In these instances, ALL calls to your whitelist-protected extensions will be blocked (at least from outside). To temporarily disable whitelisting until the problem is resolved, simply comment out the “exten => s,1,GotoIf …” line and reload asterisk.
Hopefully this saved someone else out there some time.
UPDATE: I found that comparing against two whitelists (a customer whitelist, and our support number whitelist) can be handy. Use this line instead if you want similar logic:
exten => s,1,GotoIf($[ ${DB_EXISTS(whitelist-${ARG2}/${CALLERID(num)})} | ${DB_EXISTS(whitelist-support/${CALLERID(num)})} ]?:blacklisted,s,1)
Also with this option, I can treat the whitelist name as an argument in my macro call:
exten => 5551234567,1,Macro(inbound-whitelist,SIP/123,customername)
In this case, the whitelist DB would be named “whitelist-customername”.