Allowguest .. replacment available?


#1

Hi,

Up to know, I had into my sip.conf for security reasons : allowguest=no

I am using Virtualphoneline and I need to get “allowguest=yes” , in order to get the phone ringing…
Is there a way to allow phone calls from a list of IP addresses ? ( like allow=111.222.33…44 )

I would like to avoid leaving a hole of security in the system…

Any advise would be appreciate…

Ta.

Steve


#2

Take a look at the permit/deny directives for sip.conf.


#3

Seems not to work.

I tried :


allowguest=no ; Allow or reject guest calls (default is yes)
allowsubscribe=yes
notifyringing=yes
limitonpeer=yes
notifyhold=yes
permit=67.19.199.170/255.255.255.255

This seems not to accept calls from 67.19.199.170 :frowning:


#4

It should work with

allowguest=yes deny=0.0.0.0/0.0.0.0 permit=67.19.199.170/255.255.255.255 allow=<localnet>

You need to make sure, that every IP is permitted, which You will accept calls from/to.

Another approach would be using iptables instead and deny/permit port 5060-requests there.


#5

do you think that I can list the IP adresses that I authorize ?

ex:
allowguest=yes
deny=0.0.0.0/0.0.0.0
permit=67.19.199.170/255.255.255.255
permit=56.15.25.223/255.255.255.255
permit=34.15.58.223/255.255.255.255

allow=


#6

Yes you can :smile: