Thursday, 13 March 2014

Asterisk - Outbound Whitelisting

16:07 Posted by Jurgens Krause
There are numerous ways to handle outbound whitelisting on Asterisk, but I needed a solution where the end user could simply FTP a text file to the server to update the whitelist.


You will need to create the following files:
/etc/asterisk/checkwhitelist.sh
/etc/asterisk/whitelist.txt

Start with:
#vim /etc/asterisk/checkwhitelist.sh


and add the following contents:
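#!/bin/sh
# Prints 1 if the dialed number ($1) is an entry in the whitelist, otherwise 0.
# -x matches whole lines and -F treats the number as a literal string, so a
# partial number or a regex character cannot match a longer entry. tr strips
# the carriage returns left by files uploaded from Windows.
if [ -n "$1" ] && tr -d '\r' < /etc/asterisk/whitelist.txt | grep -qxF -- "$1"; then
    echo "1"
else
    echo "0"
fi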
After creating the file, make it executable with the following command:
chmod a+x /etc/asterisk/checkwhitelist.sh

Also create the following file:
#vim /etc/asterisk/whitelist.txt
You can then add the allowed numbers to this text file, one per line, e.g.:
0123456789
0124567890
0126789012

I will keep the example dialplan simple for illustrative purposes:

#vim /etc/asterisk/extensions.conf

Place the following code in your outbound context:
[outgoing]
include => internal

exten => _XXX.,1,NoOp(Going Out)
same => n,Macro(whitelist,${EXTEN})
same => n,HangUp()

[macro-whitelist]
; FILTER(0-9,...) keeps only digits, so nothing but digits reaches the shell or Dial()
exten => s,1,GotoIf(${SHELL(/etc/asterisk/checkwhitelist.sh ${FILTER(0-9,${ARG1})}):0:-1}?allowed:notallowed)
same => n(allowed),NoOp(You may call ${ARG1})
same => n,Dial(SIP/upstream/${FILTER(0-9,${ARG1})})
same => n,HangUp()
same => n(notallowed),NoOp(YOU ARE NOT ALLOWED TO CALL ${ARG1})
same => n,HangUp()
The first line matches any outgoing call with more than 4 digits.
The second line passes it to the whitelist macro.

The first line in the macro calls a shell script with the dialed number as the only argument. The script returns a zero if the number is not found, and a one if it is found. If the number is found it is passed to "(allowed)" which places the call. If it is not found it is passed to "(notallowed)" which simply ends the call.

Do a "dialplan reload" in Asterisk. Any phones in the [outgoing] context will only be able to dial numbers in the whitelist.
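
As an added example (not code from the original post), the script below runs a plain grep -q substring test next to an exact-match check on a constructed whitelist, so the difference in what each one accepts is visible. The function names and sample numbers are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: substring match versus exact match for a number whitelist.
# File contents and function names are constructed for this illustration.

# loose_check NUMBER FILE: plain "grep -q" with the number used as an
# unquoted regular expression that may match anywhere in a line.
loose_check() {
    if grep -q $1 "$2" 2>/dev/null; then echo 1; else echo 0; fi
}

# strict_check NUMBER FILE: digits only, literal whole-line match, CR stripped
# so a list uploaded with Windows (CRLF) line endings still matches.
strict_check() {
    case "$1" in
        ''|*[!0-9]*) echo 0; return 0 ;;
    esac
    if tr -d '\r' < "$2" | grep -qxF -- "$1"; then echo 1; else echo 0; fi
}

# make_sample_list: writes a constructed whitelist (second entry has CRLF)
# to a temporary file and prints its path.
make_sample_list() {
    f=$(mktemp) || return 1
    printf '0123456789\n0124567890\r\n0126789012\n' > "$f"
    echo "$f"
}

# compare_checks FILE: prints "input loose strict" for a few dialed strings.
compare_checks() {
    for n in 0123456789 0124567890 012 6789 . 9999999999; do
        echo "$n $(loose_check "$n" "$1") $(strict_check "$n" "$1")"
    done
}

list=$(make_sample_list)
compare_checks "$list"
rm -f "$list"
```

Only the two complete whitelist entries get a 1 in the strict column; the partial numbers and the lone dot are accepted by the substring test alone.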


1 comment:

  1. Thanks. Worked perfectly.
    Also adapted it to check for a PIN if the number is not in the whitelist.
