So I have this customer asking us to white-list their bunch of IPs for (only) incoming SIP calls. Our system is running with iptable rules to filter the traffic and Asterisk is setup with allowguest=no. Allowing traffic in iptables is not an issue.
I don’t want to add all of them in sip.conf so I was thinking of using deny/permit for this peer with following definition but it didn’t work!
The customer is sending calls with different From field most of the time and they want us to authenticate based on source IP.
[from_this_new_customer]
;Only incoming calls so user
type=user
disallow=all
allow=ulaw,alaw
port=5060
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=XX.XX.X.X/255.255.255.0
dtmfmode=inband
context=some_context_here
;Don’t want to challenge the INVITE
insecure=port,invite
directmedia=no
qualify=no
Asterisk is responding with 401 Unauthorized. Should it challenge INVITE here?
Am I missing anything or permit/deny doesn’t work this way?
Thanks,
–Satish Barot