Skip to main content

outbound restricted

Posted by Jasril on Thu, 02/10/2011

hey, i'm trying to restrict one of my customers from dialing certain area codes...
so i added those area codes into my outbound routes
IE
_1900NXXXXXX Restricted

and i made the extensions disallowed to use restricted routes

but asterisk is still using my long distance route whenever it makes a call to my restricted pattern

thanks for your time


Submitted by Jasril on Mon, 02/21/2011 Permalink

In this, i am trying to restrict calling 1800 numbers, since i happen to have one to test it with unlike a 900 number, i haven't manually edited any of this, it's all been done through the web UI so far


[outgoing-test]
ignorepat => ${DIALOUT}
include => outgoing-unrestricted-test

exten => _1800NXXXXXX,1,Macro(tl-dialout-1-trunk,60,SIP/VoIP-Innovations,,,) ; Restriction Test
[outgoing-unrestricted-test]
ignorepat => ${DIALOUT}
include => outgoing-emergency-test

exten => _NXXNXXXXXX,1,Macro(tl-dialout-1-trunk,120,SIP/VoIP-Innovations,1) ; 10 digit dialing
exten => 411,1,Macro(tl-dialout-1-trunk,60,SIP/VoIP-Innovations,18004664411,3,) ; Information
exten => _NXXXXXX,1,Macro(tl-dialout-1-trunk,60,SIP/VoIP-Innovations,1213,0,) ; Local numbers
exten => _1808NXXXXXX,1,Macro(tl-dialout-1-trunk,60,IAX2/BinFone,,0,) ; Hawaii
exten => _${INTERNATIONAL-PREFIX}.,1,Macro(tl-dialout-1-trunk,60,IAX2/BinFone,,0,) ; International
exten => _1907NXXXXXX,1,Macro(tl-dialout-1-trunk,120,IAX2/BinFone,,,) ; Alaska
exten => _1NXXNXXXXXX,1,Macro(tl-dialout-1-trunk,60,SIP/VoIP-Innovations,,0,) ; LONG DISTANCE
[outgoing-emergency-test]
ignorepat => ${DIALOUT}

exten => 911,1,Macro(dialout-911,60,SIP/VoIP-Innovations,,,) ; Emergency

Submitted by mike82 on Fri, 02/25/2011 Permalink

Make _1NXXNXXXXXX restricted and add the routes you want to be unrestricted. Any route you don't add will automatically restricted.

Unless you want your users to be able to dial every number except 900.

Submitted by Jasril on Fri, 02/25/2011 Permalink

i pretty much do want to only block 900 heh, but if thats what it takes i may just have to put in all those other variables =/

Submitted by Jasril on Fri, 02/25/2011 Permalink

funny, you'd think it'd check against the restricted numbers first, then go on to unrestricted... oh well, thanks for the input Mike :)

Submitted by eeman on Sat, 02/26/2011 Permalink

restricted numbers arent blocked numbers, theyre numbers that only someone with access to restricted patterns are allowed to call. a mere lack of a pattern is a restriction. Also making a rule like

_1900XXXXXXX,1,Congestion

is a simple way to poison 900 numbers

Submitted by xxot on Thu, 11/10/2011 Permalink

A little bit confusing logic - when unrestricted route _NXXXXXXXXX take precedence over restricted route 1112223333. Usually people expect that more strict deny rule (with longest prefix match, btw) is more strong that permit rule. What is the sense of thirdlane's restricted routing in this case? By default people permit all destinations and restrict certain, like Jasril going to do. Maybe I lost something, but I have tested 2 different versions and both have the same behavior. Please, advise.

Submitted by eeman on Fri, 11/11/2011 Permalink

what you need is training on how the hierarchy of included contexts works. Asterisk goes most specific to least specific within the current context, then starts progressing linearly through all the include => statements.

Submitted by eeman on Fri, 11/11/2011 Permalink

there is no such thing as thirdlane dialplan that exists outside of asterisk. all dialplan logic is asterisk based. you need to learn and understand it if you want to make the use of the restricted and internal levels of restrictions. They work just fine when you understand them.

Submitted by xxot on Fri, 11/11/2011 Permalink

It's absolutely true. My mistake was that initially I had tried to understand it from Thirdlane's documentation, not looking into dialplan.

Submitted by xxot on Tue, 11/15/2011 Permalink

This is how contexts for asterisk are formed by thirdlane:

[ Context 'from-inside-redir-thirdlane' created by 'pbx_config' ]
'h' => 1. Hangup() [pbx_config]
'i' => 1. Playback(invalid) [pbx_config]
2. Hangup() [pbx_config]
't' => 1. Hangup() [pbx_config]
Include => 'local-extensions-thirdlane' [pbx_config]
Include => 'feature-extensions-thirdlane' [pbx_config]
Include => 'outgoing-emergency-thirdlane' [pbx_config]
Include => 'outgoing-unrestricted-thirdlane' [pbx_config]
Include => 'outgoing-thirdlane' [pbx_config]
Include => 'parkedcalls-thirdlane' [pbx_config]

A question to experts: is it possible to insert new context between "outgoing-unrestricted-thirdlane" and 'outgoing-thirdlane'?
I need a context in which I may put poisoned routes like 800XXXYYYY for the users who have restrictions and don't generate this context for the users who have unlimited rights for calling.

Submitted by eeman on Fri, 11/18/2011 Permalink

it wont rewrite or remove if thats what you mean.. once the tenant is formed this section of dialplan is left untouched by the gui so you should be fine to add. another option, if you want to ban only some members from a pattern is to use Authenticate so that they have to know an access code. You'd be surprised what users will do if they want to call a number... such as going over to an unrestricted desk and making that call :-)

Submitted by xxot on Thu, 05/16/2013 Permalink

Thank God it's not my job - to watch negligent workers :)

What I did to restrict some destinations and leave main route opened:

in the file /etc/asterisk/extensions.include
swap lines
include => outgoing-unrestricted-jelezo
include => outgoing-jelezo

Now I have:
include => outgoing-jelezo
include => outgoing-unrestricted-jelezo

I don't know how to swap original, so you should do it for each tenant. I suggest, that Alex may fix it in new versions (if already not fixed).

In /usr/libexec/webmin/asterisk/lang/en
change lines
from-inside=Allow calling all numbers
from-inside-restricted=Disallow calling restricted numbers

on
from-inside=Disallow calling restricted numbers
from-inside-restricted=Allow calling all numbers

I have done it just for convenience.

Create a dummy trunk with a name "Null" which will play something like "Goodbye"

Now, create main route (_NXXNXXXXXX) as unrestricted and something like _800NXXXXXX as restricted route pointed to trunk "Null".

All users with Dialing permissions: "Disallow calling restricted numbers" will fall into context "from-inside" and use poisoned routes. Maybe this solution disrupts an idea "Restricted routes in Thirdlane", but it works for my task.

Submitted by kishore on Wed, 05/22/2013 Permalink

Hi eeman can you help me on bellow error

udptl.c:676 ast_rtp_read: (no tag): UDPTL read error: Socket operation on non-socket

Thanks
Club PBX,Inc