Hi Jan, > the first issue is probably a misunderstanding what the prefixes in > the FileIPAuth rules mean and I have clarified that in the CVS manual a > minute ago: > > The prefixes specify the destination numbers an endpoint with that IP > may call and are only checked in Setup messages. The prefixes _do_not_ > restrict the aliases the endpoint can register with. OK, got the point. However, is there some way to limit registrations then? I don't want the endpoints to register with arbitrary numbers. I have this capability for aliases in [RasSrv::RRQAuth] section, but is there any way to use this for the numbers? > Your 2nd issue is caused by the fact that GnuGk can only see the IP of > the immediate next endpoint/neighbor sending the call. There is no way > to check if that call really originates at that endpoint. > If you neighbor may call that destination, then anybody who may route > calls through your neighbor may also call that destination. I've temporarily solved the problem by removing the most painful numbers from the AcceptedPrefixes list in the [Neighbor::...] configuration. But this solution is very coarse and doesn't suit my needs completely. Even if originating IP addresses are not available (I've already found that from packet sniffing), I'd like to filter at least based on source numbers - those seem to be present in RasMessage->admissionRequest->srcInfo->dialedDigits (semantics based on Wireshark). We have this capability for aliases in the [PrefixAuth], but would it be possible to make it work also for numbers? Thanks a lot! Petr ------------------------------------------------------------------------------ 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks & Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/ _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
