Thursday, 13 March 2014

Asterisk - Outbound Whitelisting

16:07 Posted by Jurgens Krause , 3 comments
There are numerous ways to handle outbound whitelisting on asterisk, but I needed a solution where the end user could simply ftp a text file to the server to update the whitelist.


You will need to create the following files:
/etc/asterisk/checkwhitelist.sh
/etc/asterisk/whitelist.txt

Start with:
#vim /etc/asterisk/checkwhitelist.sh


and add the following contents:
if grep -q $1 "/etc/asterisk/whitelist.txt"; then
echo "1"
else
echo "0"
fi
After creating the file, make it executable with the following command:
chmod a+x /etc/asterisk/checkwhitelist.sh

Also create the following file:
#vim /etc/asterisk/whitelist.txt
You can then add the allowed numbers to this text file, one per line. eg:
0123456789
0124567890
0126789012

I will keep the example dialplan simple for illustrative purposes:

#vim /etc/asterisk/extensions.conf:

Place the following code in you outbound context:
[outgoing]
include => internal

exten => _XXX.,1,NoOp(Going Out)
same => n,Macro(whitelist,${EXTEN})
same => n,HangUp()

[macro-whitelist]
exten => s,1,GotoIf(${SHELL(/etc/asterisk/checkwhitelist.sh ${ARG1}):0:-1})?allowed:notallowed)
same => n(allowed),NoOp(You may call ${ARG1})
same => n,Dial(SIP/upstream/${ARG1})
same => n,HangUp()
same => n(notallowed),NoOp(YOU ARE NOT ALLOWED TO CALL ${ARG1})

same => n,HangUp()
The first line matches any outgoing call with more than 4 digits
The second line passes it to the whitelist macro

The first line in the macro calls a shell script with the dialed number as the only argument. The sript returns a zero if the number is not found, and a one if it is found. If the number is found it is passed to "(allowed)" which places the call. If it is not found it is passed to "(notallowed)" which simply ends the call.

Do a "dialplan reload" in Asterisk. Any phones in the [outgoing] context will only be able to dial numbers in the whitelist.


3 comments:

  1. Thanks. Worked perfectly.
    Also adapted it to check for a PIN if the number is not in the whitelist.

    ReplyDelete
  2. this works really fine, but i am in problem when i try to implement it in my scenario, suppose some one have 100's or 1000's of extensions, and he want to do outbound white list on every extension (where every extension have only 10 different white list numbers in it), how he would achieve this?

    i tried a work around with your given code , but miserably failed, i did a call re routing setup on each and every extension to look for, if there exists a number in corresponding extension's white list, but that didnt work. because of calling macros in macros (this is what i think) ...i will be greatfull to you if you can throw some light on it.

    ReplyDelete
  3. this link is main guide for me to call rerouting
    https://mikepultz.com/2010/05/automatic-dial-resource-fail-over-in-asterisk/

    ReplyDelete