How can i block unauthorized callers on dialplan

How can i block unauthorized caller using dialplan commands. I have some unauthorized callers which i will like to block and ban from my dialing plan

There’s stuff like the ZapATeller application.

Or the PrivacyManager application

The Dial application has hooks that can interface with the PrivacyManager application.

You can modify your dialplan patterns to match on caller ID with what used to be called ‘ex-girlfriend logic’

The parts of the dialplan that can be abused should be in contexts that are neither default nor associated with a peer that can be accessed externally.

For SIP, allowguest should be disabled, unless you need it, and otherwise the default context should be as above.

For SIP, peers should be authenticated using strong passwords, and, ideally, unpredictable device names.

For SIP, peers that can only be authenticated by user and password, should have address range restrictions.

For VoIP in general, tools like fail2ban and be used to dynamically add firewall rules after a failed attack.

The issue is there are many attacks which i do database check to see it the orign numbet exist and for those that are fake origins like 123 700 i want to block the IP. I allowed guest in the sip. Is that possible from the dialplan or o have to set something on the fail2ban

You can do a basic bash or php script and pass the IP as parameter using the variable ${CHANNEL(peerip)}

exten => _X.,1,Noop(Dead calls rising)
exten => _X.,n,Set(uri=${CHANNEL(peerip)})
exten => _X.,n,Verbose(3,Unknown call from ${uri} to ${EXTEN})
exten => _X.,n,System(/root/ ${uri})

Thank you. I want to block the IP and not allow it access anymore

Another workaround would be use Iptables and Asterisk System() command and pass IP value on the variable ${CHANNEL(peerip)}

same=>n,System(/sbin/iptables -A INPUT -s ${CHANNEL(peerip)} -j DROP)

Thank you. I was using this command
exten => s,n, System(iptables -w -I INPUT -s ${IP_NUMBER} -j DROP)

And please will it block the IP forever unless I unblock it

Iptables is no Asterisk related issue, you first need to learn how to use iptable and then implement it on Asterisk using the System() command, incase you have issue on how to use iptable use the linux command man iptables

Syntax to block an IP address under Linux

iptables -A INPUT -s IP-ADDRESS -j DROP
Replace IP-ADDRESS with your actual IP address. For example, if you wish to block an ip address for whatever reason then type the command as follows:

iptables -A INPUT -s -j DROP

Setting made using iptables -I will only last until the next reboot.