Need help properly understanding ACL

Status
Not open for further replies.

ewdpb

Member
Oct 3, 2019
Hi all,

I was wondering if somebody could help me understand what is the logic of ACL in FusionPBX. By default FusionPBX creates a domain ACL and an IP ACL. In the domain ACL it automatically adds, in the Domain field, whatever you have set as domain_name in your config installation file (it defaults to your local IP). So, when adding a GW provider, for instance, the provider IP must be added in the domain ACL in the CIDR field. I guess that logic comes from the SIP world.

So, my actual questions are:

- What is one supposed to add in the domain ACL? (besides provider's GW)
- What is one supposed to add in the IP ACL?

If I allow endpoints to connect to FusionPBX, it would be hugely cumbersome to add users' IPs (especially when they are on the move / home / etc.). What is the strategy?

If anybody could point me at some documentation, that would be really helpful. The FusionPBX and FreeSWITCH documentation is designed with a "monkey see, monkey do" approach; it does not really explain much the "why" of things.

https://docs.fusionpbx.com/en/latest/advanced/access_controls.html
https://freeswitch.org/confluence/display/FREESWITCH/ACL

Thanks!
 

ad5ou

Active Member
Jun 12, 2018
The simple answer is any IP in domains ACL can send calls to server's public context without needing username/password. This is normally only desired/needed for your providers.

In older versions of Fusion, the external sip profile (port 5080) did not require authentication, so adding a provider IP to ACL was only required if provider could only send calls to internal sip profile (5060).
 
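An added example, not part of the thread or of FusionPBX's own code: a small audit of which source addresses the domains ACL trusts, following the answer above that any IP in that list can send calls without a username/password. It assumes the ACL is available as XML in FreeSWITCH's acl.conf layout; the sample list, the addresses, the function names and the /24 review threshold are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in FreeSWITCH's acl.conf layout. The domain name and
# addresses are placeholders (documentation and private ranges).
SAMPLE_ACL = """
<configuration name="acl.conf" description="Network Lists">
  <network-lists>
    <list name="domains" default="deny">
      <node type="allow" domain="pbx.example.com"/>
      <node type="allow" cidr="192.0.2.10/32"/>
      <node type="allow" cidr="203.0.113.0/24"/>
      <node type="allow" cidr="10.0.0.0/8"/>
    </list>
  </network-lists>
</configuration>
"""

def audit_acl(xml_text, list_name="domains", min_prefix=24):
    """Return (trusted_networks, findings); min_prefix is a hypothetical IPv4 threshold."""
    trusted, findings = [], []
    for lst in ET.fromstring(xml_text).iter("list"):
        if lst.get("name") != list_name:
            continue
        if lst.get("default") != "deny":
            findings.append(f"{list_name}: default is not an explicit deny")
        for node in lst.iter("node"):
            cidr = node.get("cidr")
            if node.get("type") != "allow" or not cidr:
                continue  # domain= and deny nodes are outside this check
            net = ipaddress.ip_network(cidr, strict=False)
            trusted.append(net)
            if net.version == 4 and net.prefixlen < min_prefix:
                findings.append(f"{list_name}: {net} is wider than /{min_prefix}")
    return trusted, findings

def skips_auth(source_ip, trusted):
    """True if source_ip is inside any allowed CIDR (deny nodes are ignored here)."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in trusted)

if __name__ == "__main__":
    nets, issues = audit_acl(SAMPLE_ACL)
    for issue in issues:
        print("REVIEW:", issue)
    for ip in ("192.0.2.10", "198.51.100.7", "10.20.30.40"):
        print(ip, "unauthenticated" if skips_auth(ip, nets) else "must authenticate")
```

Entries flagged for review are the ones that extend password-less calling beyond a single provider gateway.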

ewdpb

Member
Oct 3, 2019
Thank you @ad5ou for the reply, that is very helpful indeed! So, do you know what the LAN ACL is for?
 