Restricting outbound calls in FreePBX (whitelist)

Previously, we discussed [b]preventing [/b]outbound calls from FreePBX by using two methods: Misc Applications and outbound routes. There is also (at least) two ways to [b]allow [/b]outgoing calls using a whitelist, i.e. allowing calls [b]only [/b]to the numbers specified.

The first one is extremely simple, and I can already hear you saying “Duh!”. But sometimes the answer to a problem is staring us right in the face and we miss it anyway. So at the risk of insulting some of you, and hopefully enlightening some of you, here it is: Password protect your outbound routes. Yes, extremely primitive – but it works! Password protect those routes that you don’t want your users calling, and just leave the others unprotected. This will allow for an environment where you have very tight control over outbound calls.

The second way to restrict outbound calls is much more sophisticated and allows for refined control of which extensions/user are restricted and which aren’t (obviously without the use of a password). One of the goals of this method are to restrict the outbound calls but [b]nothing else[/b]. This method will keep all other FreePBX applications available to the restricted user: Voice Mail, Conferences, Paging, Call Forwarding, etc. – will all be available. The only thing restricted will be outgoing calls.

The first step is to segregate the restricted context form the other users. Start by opening /etc/asterisk/extensions_custom.conf and adding the following context:

[from-internal-restricted] #exec /var/lib/asterisk/bin/restricted.sh

The next step is to make sure asterisk will ‘follow’ the ‘exec’. Open /etc/asterisk/asterisk.conf and make sure you have a line that reads:

execincludes=yes ; support #exec in config files

(specifically, ensure there is no ; at the begging of the line). Next download this script, and save it to /var/lib/asterisk/bin/restricted.sh. Now, create /etc/asterisk/whitelist and add a list of numbers that you want whitelisted. Here a helpful hint: you can a space and a description after the number so that you remember who’s number it is and why its there. Here’s an example:

2125551212 bob
6565552121 marry
4264441212 bill

The last step is to place any extension that you want restricted in to the restricted context. In FreePBX, click Extensions -> select the extension -> and scroll down to the context option. Append -restricted to the text and click submit.

Finally, from the linux cli, type amportal chown and reload the asterisk dialplan in your usual way, either by clicking the orange reload bar in FreePBX or by entering dialplan reload from the asterisk cli.

Now, try to place a call from your restricted context – it should be blocked!

The way this works is as follows: when you reload asterisk, it executes the restricted.sh scrip and includes its output in the dialplan (dynamically). The scipt reads the FreePBX generated dialplan and copys the entire from-internal-additional dialplan in to our custom context (well, not the entire dialplan per se – just the includes. For more on how this works see my previous articles). It then reads the numbers listed in your whitelist file and creates routes for them as Local channels (which are callable by restricted extensions as they can call all [b]internal[/b] extensions).Cool, eh?

Got another way to restrict outgoing calls? Lets hear about them in the comments!

[b]Moshe Brevda, FreePBX Development Team[/b] lazytt – FreePBX forums
hi365 – IRC

Open Telephony Training in the Pacific Northwest

Sometime early in 2006 I started building systems with AA@H. About the only inexpensive way to learn Asterisk was in the forums and blogs. It was in the Nervittles blog of Ward Mundy that I won entrance to the first Fonality trixbox® Open Communications Certification (FtOCC, pronounced “F-talk”) workshop, held in LA – March 2007.

The best thing that came out of FtOCC was putting faces to names I’d seen online. The technical level of FtOCC ended up being a bit too basic for me, and I started to ask around the greater Asterisk community if anyone, including Fonality, had plans to hold more of an engineers course in the near future. Fonality was dead silent. Philippe Lindheimer, the lead developer of the FreePBX project, whom was taking over for Rob Thomas at the time… wasn’t.

Philippe and I engaged in lengthy discussions and I even enticed some of the FreePBX team out for a gourmet meal to talk about what would make the ultimate Asterisk/FreePBX seminar. As things progressed, I was introduced to Tony Lewis and Ethan Schroeder of Schmoozecom (a successful Asterisk based solutions provider) when FreePBX and Schmoozecom collaborated to create the Open Telephony Training Seminar or OTTS for short. The 1st of which February 27-29th , 2008 in Charleston, SC.

I helped shape the OTTS experience with FreePBX and Schmooze, providing my parts of the expertise and producing parts of the content that I have spoken publicly on in other venues and I was invited along to teach the E911 section of the course. It was a roaring success and a great time was had by all.

Fast forward to 2009 and I am organizing the first OTTS in the Pacific Northwest. On April 21st, 22nd and 23rd, 2009 the trainers at FreePBX.org have cooked up something very nice for the next offering of the Open Telephony Training Seminar as the venue is located in the northwest corner of Washington State , halfway between Seattle and Vancouver, BC sits Lummi Island, home of The Willows Inn , an historic Bed and Breakfast retreat. FreePBX-athon redux. This time Philippe Lindheimer and I will be teaching this course in a slightly modified version to fit the venue. Most of the marketing section has been omitted and the class is three days instead of four. It will feature a live lab for demonstration and student use during the course.

The Open Telephony Training Seminar provides some of the best Asterisk®/FreePBX® VoIP training available and has an additional constant source of enjoyment – trainers and learners tend to stick together through meals and enjoy good conversation into the evening. These adhoc roundtables are not planned, it just happens and is said to be one of the great joys of the Open Telephony Training Seminar.

Learners are in for a treat at the Willows Inn as its organic, authentic farm-to-table fine dining is consistent with Slow Food, making The Willows Inn one of the most sought after B&Bs and agritourism destinations in the San Juan Islands. And just as small class size benefits our children in school, small class size in technology training is also better for the adult learner and with chef prepared organic meals the trainers and learners will have plenty of time together. Arrangements can be made for spouses to attend meals and otherwise relax as their significant other learns. Learners considering bringing a spouse along may want to book early as all the rooms at the Inn are great, but each is different and you can choose until they are filled.

After the seminar, On April 26th and 27th the tenth annual LinuxFest Northwest 2009 is being held in nearby Bellingham, Wa. As an added bonus, learners who want to stay and attend Linuxfest will be offered weekday rates that weekend at the Willows Inn. Book early if that is something you are interested in.

We need to fill ten seats to make our new format a reality and as these events are always great, the value is there. The Willows Inn has allowed us to block off their entire facility, but it means filling it up to make the class a reality. So with that note, we need to get 10 participants – and are offering a 20% discount for the first 3 to sign up by March 15th date to make sure we reach that goal. Contact me at rkeller at legoebayuc.com for the coupon code.

Please consider joining us.