ACL import

[Neoscopio]

Hi,
Is there a way to import ACL lists to fusionpbx? Or alternatively, use the plain acl.conf.xml from freeswitch?

 

[Adrian Fretwell]

You could import directly to the database. The tables you will be interested in are v_access_controls and v_access_control_nodes.

select * from v_access_controls;

         access_control_uuid          | access_control_name | access_control_default | access_control_description
--------------------------------------+---------------------+------------------------+----------------------------
 9325e0ee-2ee3-4fc9-81ca-d849e2c239e7 | lan                 | allow                  |
 f80b90b7-1016-47e4-8e05-4bbd36b8e48c | domains             | deny                   |
 1e6ced7e-7286-4ecd-8b41-0c067d9033a2 | proxy               | deny                   |
(3 rows)

Note the UUID of the access control you are interested in, then create some update SQL. If you do it completely manually you will need to generate some UUIDs for the inserted records. The following would add to my "domains" ACL:

insert into v_access_control_nodes values ('fa628e14-9e56-4e15-adb2-8539e31fd554','f80b90b7-1016-47e4-8e05-4bbd36b8e48c', 'allow', '192.168.11.12/32', NULL, 'My Provider No. 1');
insert into v_access_control_nodes values ('0c115e90-5375-4d6b-acfe-fe599bfe9ff9','f80b90b7-1016-47e4-8e05-4bbd36b8e48c', 'allow', '192.168.13.14/32', NULL, 'My Provider No. 2');

I'm sure you get the idea...

If you make changes to the ACL, remember to flush cache and reload XML from the Status->SIP Status menu.

 

[Neoscopio]

Thanks, I would then leave it as a feature request.

I'm trying to deny all except my interest networks, and maybe my country only. I know I can use iptables directly, but I think this can be more flexible and practical in a maintenance point of view, (and also logs) but if you have a long list of acl networks it's impratical wo importing.