On Fri, Jun 4, 2010 at 11:52 AM, Raimund Sacherer <[email protected]> wrote: > Hello, > > We have a scenario in which there are 2 sites, one in europe and one in > mexico, they are connected via an IAX channel, problem is that the location > in mexico has only a dynamic IP connection to the Internet. > > Because of the dynamic IP I can not create IP-Tables rules to only allow this > connection from the outside. But I need to restrict > calls because there was > a break-in which called out. What is the problem with iptables and dynamic IP? What exactly are you trying to achieve? How would you on a static IP?
> > So, is it possible to restrict sip-accounts, which connect through an outside > IP, to only be able to call to extensions and are not allowed to dial out? Just pass the nescesarry context to your "outside" peers: sip.conf: [InsideCustomers] context=DialOutWhereever ; you can dial out from this context deny=0.0.0.0/0.0.0.0 allow=192.168.0.0/255.255.0.0 [OutsideCustomers] context=ThisContextDoesNotExist deny=0.0.0.0/0.0.0.0 allow=0.0.0.0/0.0.0.0 And your "outside" SIP peers will be jailed. > Are there other possible solutions I am not aware of? > > best regards > Ray -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
