Limit internal extensions to only work from internal networks

This took me a long time to figure out. There may be better ways of doing it than this but the following addition to each of the internal extensions ensures registration and calls can only happen from networks connected directly to the FreeSWITCH server:

diff --git a/directory/default/1000.xml b/directory/default/1000.xml
index 9bee406..bdaf853 100644
--- a/directory/default/1000.xml
+++ b/directory/default/1000.xml
@@ -3,6 +3,7 @@
 <params>
 <param name="password" value="$${default_password}"/>
 <param name="vm-password" value="1000"/>
+      <param name="auth-acl" value="localnet.auto"/>
 </params>
 <variables>
 <variable name="toll_allow" value="domestic,international,local"/>

This seems to be needed in conjunction with the following change in sip_profiles/internal.xml

<param name="auth-calls" value="true"/>

Leave a Reply