<configuration name="acl.conf" description="Network Lists">
  <network-lists>
    <!--
      These ACLs are automatically created on startup.

      rfc1918.auto  - RFC1918 space.
      nat.auto      - RFC1918 space, excluding your local LAN.
      localnet.auto - ACL for your local LAN.
      loopback.auto - ACL for loopback addresses.
                      NOTE(review): the original text repeated the
                      localnet.auto description here; confirm the exact
                      ranges against the FreeSWITCH version in use.
    -->

    <!--
      "lan": addresses in 192.168.42.0/24 are denied; every other address
      falls through to default="allow". What a match on this list grants
      depends on where the list is referenced, which this file does not
      show. Review those references before relying on a default-allow list.
    -->
    <list name="lan" default="allow">
      <node type="deny" cidr="192.168.42.0/24"/>
    </list>

    <!--
      This traverses the directory and adds every user that carries a
      cidr= attribute to this ACL. When this ACL matches, the user's
      variables and params apply as if the user had digest authenticated.

      Security note: a match on this list stands in for digest
      authentication, so every allow node below is trusted on source
      address alone. Keep the entries as narrow as possible and audit
      them whenever the network layout changes.
    -->
    <list name="domains" default="deny">
      <!-- domain= is special: it scans the domain from the directory to build the ACL. -->
      <node type="allow" domain="$${domain}"/>
      <!-- Use cidr= if you wish to allow IP ranges to this domain's ACL. -->
      <!-- <node type="allow" cidr="192.168.0.0/24"/> -->
      <!--
        Hard-coded single-host allow. Per the FIXME this presumably stands
        in for the value of ${SIPCON_LOCAL}; verify that 127.0.0.2 really
        is the intended peer, because traffic from it is accepted by this
        list without a directory lookup.
      -->
      <node type="allow" cidr="127.0.0.2/32"/> <!-- FIXME: ${SIPCON_LOCAL} -->
    </list>

  </network-lists>
</configuration>