Only allow clients to register from our internal network?

I am running Asterisk 1.2.26 (through Trixbox actually). How can I prevent clients (SIP phones in this case) from registering from the outside world? Someone brute forced a password for one of our phones and was making outbound calls.

I read that permit= can be used in sip.conf, but I don’t see a place to put this in the trixbox interface, and I think it will just get overwritten then. Is there a way to do it globally? I think there are some sip_* files I can edit that don’t get overwritten by trixbox.

thanks.

Hi, I guess you could try putting it in sip_custom.conf (I think that's the file).

See if that works

Ian

I didn’t find a file with that name but I think I can put things in extensions_custom.conf and they won’t get overwritten.

How would I put a permit= line in there that affects all extensions?

Normally I think you’d put the permit= line under a [whatever] line so it’s grouped with that extension.

No, it's a sip_custom.conf file, I think. If it's not, then you have to add a permit=xxx to every extension in the peer details.

Ian

I could not figure out where to put a permit= line (I searched my whole system, no sip_custom.conf file anywhere), so I just turned off pretty much everything on the firewall. That also prevents us from using softphones out in the field, and from allowing other voip users to call us directly, but it will work for now.

I believe in the sip.conf you can add the following lines to each sip client…

permit=192.168.0.0/255.255.0.0
permit=172.16.0.0/255.255.0.0
permit=10.0.0.0/255.0.0.0

Of course just use your internal network subnet.
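
Added example, not part of the original thread or of Asterisk itself: a small Python model of how Asterisk evaluates permit=/deny= lines for a peer (the address starts out allowed and the last matching rule wins). It shows that permit= lines alone leave outside addresses accepted, and that a deny=0.0.0.0/0.0.0.0 line has to come before them. The peer names 101 and 102, the sample addresses and the helper function names are constructed for illustration.

```python
import ipaddress

# Constructed sip.conf peer sections (extension numbers are made up).
SIP_CONF = """
[101]            ; permit only: does NOT restrict anything
type=friend
host=dynamic
permit=192.168.0.0/255.255.0.0

[102]            ; deny everything first, then permit the LAN
type=friend
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=192.168.0.0/255.255.0.0
"""

def parse_acls(text):
    """Return {peer: [(sense, network), ...]}, keeping the rule order."""
    acls, peer = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            peer = line[1:-1]
            acls[peer] = []
        elif peer and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key in ("permit", "deny"):
                net = ipaddress.ip_network(value, strict=False)
                acls[peer].append((key, net))
    return acls

def allowed(rules, addr):
    """Model of the ACL check: default allow, last matching rule wins."""
    ip = ipaddress.ip_address(addr)
    result = True                                # no match means allowed
    for sense, net in rules:
        if ip in net:
            result = (sense == "permit")
    return result

def report(conf=SIP_CONF, sources=("192.168.1.50", "203.0.113.7")):
    """Map (peer, source address) to True if that source passes the ACL."""
    acls = parse_acls(conf)
    return {(p, s): allowed(r, s) for p, r in acls.items() for s in sources}

if __name__ == "__main__":
    for (peer, src), ok in report().items():
        print(f"peer {peer} from {src}: {'accepted' if ok else 'rejected'}")
```

Peer 101 accepts both the LAN address and the outside address; peer 102 accepts only the LAN address.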

Yes, that would work for a short time - but since Trixbox writes out the config files every time I make a change (in FreePBX or whatever), it would get overwritten.

I think a later version of FreePBX has support for the permit= attribute. I’m not sure how to upgrade though, since I use Trixbox. I don’t know if I can just manually upgrade it, or if that will mess up other things.