In this setup, you can ommit the default rule - it is required only if all preceeding modules are set as optional. You should look at auth rules both "horizontally" and "vertically" - each event is passed down through all rules. So, in case of RRQ is is first processed by AliasAuth, then (if AliasAuth cannot accept or reject the request) by PrefixAuth (which just does nothing and passes control to the next module), and finally by the default rules, which rejects all requests. So let's see what happens if Q.931 Setup event is processed: AliasAuth does nothing and passes control to the PrefixAuth, the PrefixAuth passes control to the default module, the default module rejects the request (the call). One important thing is that the processing is UNCONDITIONALLY aborted, if any module REJECTS the request - then the final result is always REJECT, no matter how would remaining rules decided. So even if you have default=allow and AliasAuth rejects RRQ or PrefixAuth rejects LRQ or ARQ, then the request is always rejected. ----- Original Message ----- From: "david winter" <dwinter@xxxxxxxxxxxxxxxxxx> Sent: Wednesday, August 04, 2004 9:16 PM > I get this debug when using the default=deny, but the calls work when > using default=allow. So, is default a last resort check? if alias and > prefix reject, will the default=allow still let the call thru? using CVS > proxy-thread-fix. > > 2004/08/04 19:17:16.256 3 gkauth.cxx(1050) GKAUTH default > Setup check failed > 2004/08/04 19:17:16.256 4 ProxyChannel.cxx(1324) Q931 Dropping > call #83 due to Setup authentication failure > > [Gatekeeper::Auth] > AliasAuth=optional;RRQ > PrefixAuth=sufficient;LRQ;ARQ > default=deny > > -- > David Winter ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________________ List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
