Skip to end of metadata
Go to start of metadata

SIP ACL module

This configuration documentation is for functionality provided by res_pjsip_acl.

Overview

ACL

The ACL module used by res_pjsip. This module is independent of endpoints and operates on all inbound SIP communication using res_pjsip.

There are two main ways of defining your ACL with the options provided. You can use the permit and deny options which act on IP addresses, or the contactpermit and contactdeny options which act on Contact header addresses in incoming REGISTER requests. You can combine the various options to create a mixed ACL.

Additionally, instead of defining an ACL with options, you can reference IP or Contact header ACLs from the file acl.conf by using the acl or contactacl options.

pjsip.conf

acl

Access Control List

Configuration Option Reference

Option Name

Type

Default Value

Regular Expression

Description

acl

Custom

 

false

List of IP ACL section names in acl.conf

contact_acl

Custom

 

false

List of Contact ACL section names in acl.conf

contact_deny

Custom

 

false

List of Contact header addresses to deny

contact_permit

Custom

 

false

List of Contact header addresses to permit

deny

Custom

 

false

List of IP addresses to deny access from

permit

Custom

 

false

List of IP addresses to permit access from

type

None

 

false

Must be of type 'acl'.

Configuration Option Descriptions

acl

This matches sections configured in acl.conf. The value is defined as a list of comma-delimited section names.

contact_acl

This matches sections configured in acl.conf. The value is defined as a list of comma-delimited section names.

contact_deny

The value is a comma-delimited list of IP addresses. IP addresses may have a subnet mask appended. The subnet mask may be written in either CIDR or dotted-decimal notation. Separate the IP address and subnet mask with a slash ('/')

contact_permit

The value is a comma-delimited list of IP addresses. IP addresses may have a subnet mask appended. The subnet mask may be written in either CIDR or dotted-decimal notation. Separate the IP address and subnet mask with a slash ('/')

deny

The value is a comma-delimited list of IP addresses. IP addresses may have a subnet mask appended. The subnet mask may be written in either CIDR or dotted-decimal notation. Separate the IP address and subnet mask with a slash ('/')

permit

The value is a comma-delimited list of IP addresses. IP addresses may have a subnet mask appended. The subnet mask may be written in either CIDR or dotted-decimal notation. Separate the IP address and subnet mask with a slash ('/')

Import Version

This documentation was imported from Asterisk Version GIT-15-6c374d863c

  • No labels