Allowing Peers From Specific Subnet Only

Home » Asterisk Users » Allowing Peers From Specific Subnet Only
Asterisk Users 3 Comments

Hi;

How I can make my configuration to allow the sip phones only from specific IP addresses range (for example from 192.168.10.1 – 192.168.10.50) to be allowed to connect for asterisk?

In other words, in addition to be authenticated based on the username and password, it is required that the IP address of the Phone to be from this range. How?

Regards Bilal

3 thoughts on - Allowing Peers From Specific Subnet Only

  • Hi

    You can achieve this with either permit/deny or contactpermit/contactdeny

    Single IP should be defined like :

    deny=0.0.0.0/0.0.0.0
    permit2.168.2.1/255.255.255.255

    And networks in similar way with appropriate subnet mask deny=0.0.0.0/0.0.0.0
    permit2.168.2.0/255.255.255.0

    You can also specify multiple subnets with ‘;’ like:

    permit2.168.2.0/255.255.255.0;192.168.1.0/255.255.255.0

    Regards, Zohair Raza

  • bilal ghayyad wrote:

    Hola,

    This can be accomplished using ACLs. They are configured using the deny and permit settings within sip.conf.

    Example:

    deny=0.0.0.0/0.0.0.0
    permit2.16.10.0/255.255.255.0

    This permits only devices from the 172.16.10.1-172.16.10.255 range.

    For cases where you may want to configure this in one place and share it around Asterisk 11 has introduced what are called “Named ACLs”.

    You can find further information on those at https://wiki.asterisk.org/wiki/display/AST/Named+ACLs

    Cheers,