Difference between revisions of "Blacklist or whitelist"

From "AllStarLink Wiki"
Jump to: navigation, search
(Web Portal)
 
(26 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Occasionally it becomes necessary to block a poorly operating node. This method makes it very easy to manage the blacklist with three simple Asterisk CLI commands:
+
Occasionally it becomes necessary to limit connections to your node. With this configuration you can either blacklist (block) or whitelist (allow) inbound connections. Outbound connections are not blocked. Only one list can be used at a same time and it applies to all nodes on the server. If using the whitelist all nodes on the local server (127.0.0.1) are allowed. The lists are managed with these Asterisk CLI commands:
  
* database put blacklist 1998 "any comment"
+
* Blacklist
* database del blacklist 1998
+
** <code>*CLI> database put blacklist 1998 "any comment"</code>
* database show blacklist
+
** <code>*CLI> database del blacklist 1998</code>
 +
** <code>*CLI> database show blacklist</code>
 +
* Whitelist
 +
** <code>*CLI> database put whitelist 1000 "any comment"</code>
 +
** <code>*CLI> database del whitelist 1000</code>
 +
** <code>*CLI> database show whitelist</code>
 +
*Both
 +
** <code>*CLI> database show</code>
  
 +
''Note'': WA3DSP wrote a [https://hamvoip.org/downloads/node-ban-allow.sh menu script] for the above commands.
  
 +
==Blacklist Configuration==
 
Add this to extensions.conf just below the [radio-secure] context.
 
Add this to extensions.conf just below the [radio-secure] context.
 
<pre>
 
<pre>
Line 15: Line 24:
 
; to remove:
 
; to remove:
 
; database del blacklist 1998
 
; database del blacklist 1998
 +
; to list
 +
; database show blacklist
 
   
 
   
 
[blacklist]
 
[blacklist]
Line 20: Line 31:
 
exten => _XXXX!,n,GotoIf($[${DB_EXISTS(blacklist/${CALLERID(num)})}]?blocked)
 
exten => _XXXX!,n,GotoIf($[${DB_EXISTS(blacklist/${CALLERID(num)})}]?blocked)
 
exten => _XXXX!,n,Goto(radio-secure,${EXTEN},1)
 
exten => _XXXX!,n,Goto(radio-secure,${EXTEN},1)
exten => _XXXX!,n(blocked),Hangup;
+
exten => _XXXX!,n(blocked),Hangup
 +
 
 +
[whitelist]
 +
exten => _XXXX!,1,NoOp(${CALLERID(num)})
 +
exten => _XXXX!,n,NoOp(${IAXPEER(CURRENTCHANNEL)})
 +
exten => _XXXX!,n,GotoIf($["${IAXPEER(CURRENTCHANNEL)}" = "127.0.0.1"]?radio-secure,${EXTEN},1)  ;permit local IPs
 +
exten => _XXXX!,n,GotoIf($[${DB_EXISTS(whitelist/${CALLERID(num)})}]?radio-secure,${EXTEN},1)
 +
exten => _XXXX!,n,Hangup
 
</pre>
 
</pre>
  
In iax.conf modify the [radio] context by commenting context = radio-secure and adding context =  blacklist
+
In iax.conf modify the [radio] context by adding and/or commenting context = lines.
 
<pre>
 
<pre>
 
[radio]
 
[radio]
Line 33: Line 51:
 
codecpriority = host
 
codecpriority = host
 
;context = radio-secure
 
;context = radio-secure
 +
;context = whitelist
 
context = blacklist
 
context = blacklist
 
transfer = no
 
transfer = no
 
</pre>
 
</pre>
 +
 +
== Web Portal ==
 +
If you want to have a blacklist for the web portal users you will need to modify the [allstar-public] context in extentions.conf
 +
 +
<pre>
 +
[allstar-public]
 +
 +
exten => s,1,Ringing
 +
exten => s,n,Set(RESP=${CURL(https://register.allstarlink.org/cgi-bin/authwebphone.pl?${CALLERID(name)})})
 +
exten => s,n,Set(NODENUM=${CALLERID(number)})
 +
exten => s,n,GotoIf($["${RESP:0:1}" = "?"]?hangit)
 +
exten => s,n,GotoIf($["${RESP:0:1}" = ""]?hangit)
 +
exten => s,n,GotoIf($["${RESP:0:5}" != "OHYES"]?hangit)
 +
exten => s,n,Set(CALLSIGN=${RESP:5})
 +
exten => s,n,Wait(3)
 +
exten => s,n,Playback(rpt/node|noanswer)
 +
exten => s,n,Saydigits(${NODENUM})
 +
exten => s,n,Set(CALLERID(name)=${CALLSIGN})
 +
exten => s,n,Set(CALLERID(num)=0)
 +
exten => s,n,GotoIf($[${DB_EXISTS(blacklist/${CALLERID(name)})}]?blacklisted)
 +
exten => s,n,Rpt(${NODENUM}|X)
 +
exten => s,n,Hangup
 +
exten => s,n(hangit),Answer
 +
exten => s,n(hangit),Wait(1)
 +
exten => s,n(hangit),Hangup
 +
exten => s,n(blacklisted),Playback(privacy-you-are-blacklisted)
 +
exten => s,n(blacklisted),Playback(goodbye)
 +
exten => s,n(blacklisted),Wait(1)
 +
exten => s,n(blacklisted),Hangup
 +
</pre>
 +
Whitelist is not implemented here, but it should be easy to do
 +
 +
 +
To block a web-portal user you will need to add the callsign in capital letters to the blacklist. 
 +
* <code>*CLI> database put blacklist KM6RPT "no comment"</code>
 +
 +
  
 
[[Category:How to]]
 
[[Category:How to]]
 +
[[Category:Node Configuration]]

Latest revision as of 18:32, 27 January 2020

Occasionally it becomes necessary to limit connections to your node. With this configuration you can either blacklist (block) or whitelist (allow) inbound connections. Outbound connections are not blocked. Only one list can be used at a same time and it applies to all nodes on the server. If using the whitelist all nodes on the local server (127.0.0.1) are allowed. The lists are managed with these Asterisk CLI commands:

  • Blacklist
    • *CLI> database put blacklist 1998 "any comment"
    • *CLI> database del blacklist 1998
    • *CLI> database show blacklist
  • Whitelist
    • *CLI> database put whitelist 1000 "any comment"
    • *CLI> database del whitelist 1000
    • *CLI> database show whitelist
  • Both
    • *CLI> database show

Note: WA3DSP wrote a menu script for the above commands.

Blacklist Configuration

Add this to extensions.conf just below the [radio-secure] context.

[radio-secure]
...

; To add a node to the blacklist: 
; database put blacklist 1998 “any comment”
; to remove:
; database del blacklist 1998
; to list
; database show blacklist
 
[blacklist]
exten => _XXXX!,1,NoOp(${CALLERID(num)})
exten => _XXXX!,n,GotoIf($[${DB_EXISTS(blacklist/${CALLERID(num)})}]?blocked)
exten => _XXXX!,n,Goto(radio-secure,${EXTEN},1)
exten => _XXXX!,n(blocked),Hangup

[whitelist]
exten => _XXXX!,1,NoOp(${CALLERID(num)})
exten => _XXXX!,n,NoOp(${IAXPEER(CURRENTCHANNEL)})
exten => _XXXX!,n,GotoIf($["${IAXPEER(CURRENTCHANNEL)}" = "127.0.0.1"]?radio-secure,${EXTEN},1)  ;permit local IPs
exten => _XXXX!,n,GotoIf($[${DB_EXISTS(whitelist/${CALLERID(num)})}]?radio-secure,${EXTEN},1)
exten => _XXXX!,n,Hangup

In iax.conf modify the [radio] context by adding and/or commenting context = lines.

[radio]
type = user
disallow = all
allow = ulaw
allow = adpcm
allow = gsm
codecpriority = host
;context = radio-secure
;context = whitelist
context = blacklist
transfer = no

Web Portal

If you want to have a blacklist for the web portal users you will need to modify the [allstar-public] context in extentions.conf

[allstar-public]

exten => s,1,Ringing
exten => s,n,Set(RESP=${CURL(https://register.allstarlink.org/cgi-bin/authwebphone.pl?${CALLERID(name)})})
exten => s,n,Set(NODENUM=${CALLERID(number)})
exten => s,n,GotoIf($["${RESP:0:1}" = "?"]?hangit)
exten => s,n,GotoIf($["${RESP:0:1}" = ""]?hangit)
exten => s,n,GotoIf($["${RESP:0:5}" != "OHYES"]?hangit)
exten => s,n,Set(CALLSIGN=${RESP:5})
exten => s,n,Wait(3)
exten => s,n,Playback(rpt/node|noanswer)
exten => s,n,Saydigits(${NODENUM})
exten => s,n,Set(CALLERID(name)=${CALLSIGN})
exten => s,n,Set(CALLERID(num)=0)
exten => s,n,GotoIf($[${DB_EXISTS(blacklist/${CALLERID(name)})}]?blacklisted)
exten => s,n,Rpt(${NODENUM}|X)
exten => s,n,Hangup
exten => s,n(hangit),Answer
exten => s,n(hangit),Wait(1)
exten => s,n(hangit),Hangup
exten => s,n(blacklisted),Playback(privacy-you-are-blacklisted)
exten => s,n(blacklisted),Playback(goodbye)
exten => s,n(blacklisted),Wait(1)
exten => s,n(blacklisted),Hangup

Whitelist is not implemented here, but it should be easy to do


To block a web-portal user you will need to add the callsign in capital letters to the blacklist.

  • *CLI> database put blacklist KM6RPT "no comment"