SIP ACL module
This configuration documentation is for functionality provided by res_pjsip_acl.
Overview
ACL
The ACL module used by res_pjsip. This module is independent of endpoints and operates on all inbound SIP communication using res_pjsip.
There are two main ways of defining your ACL with the options provided. You can use the permit and deny options which act on IP addresses, or the contactpermit and contactdeny options which act on Contact header addresses in incoming REGISTER requests. You can combine the various options to create a mixed ACL.
Additionally, instead of defining an ACL with options, you can reference IP or Contact header ACLs from the file acl.conf by using the acl or contactacl options.
pjsip.conf
acl
Access Control List
Configuration Option Reference
Option Name |
Type |
Default Value |
Regular Expression |
Description |
|---|---|---|---|---|
|
|
|
List of IP ACL section names in acl.conf |
|
|
|
|
List of Contact ACL section names in acl.conf |
|
|
|
|
List of Contact header addresses to deny |
|
|
|
|
List of Contact header addresses to permit |
|
|
|
|
List of IP addresses to deny access from |
|
|
|
|
List of IP addresses to permit access from |
|
|
|
|
|
Must be of type 'acl'. |
Configuration Option Descriptions
acl
This matches sections configured in acl.conf. The value is defined as a list of comma-delimited section names.
contact_acl
This matches sections configured in acl.conf. The value is defined as a list of comma-delimited section names.
contact_deny
The value is a comma-delimited list of IP addresses. IP addresses may have a subnet mask appended. The subnet mask may be written in either CIDR or dotted-decimal notation. Separate the IP address and subnet mask with a slash ('/')
contact_permit
The value is a comma-delimited list of IP addresses. IP addresses may have a subnet mask appended. The subnet mask may be written in either CIDR or dotted-decimal notation. Separate the IP address and subnet mask with a slash ('/')
deny
The value is a comma-delimited list of IP addresses. IP addresses may have a subnet mask appended. The subnet mask may be written in either CIDR or dotted-decimal notation. Separate the IP address and subnet mask with a slash ('/')
permit
The value is a comma-delimited list of IP addresses. IP addresses may have a subnet mask appended. The subnet mask may be written in either CIDR or dotted-decimal notation. Separate the IP address and subnet mask with a slash ('/')
Import Version
This documentation was imported from Asterisk Version SVN-branch-13-r420538