Using an allowed host list

Blueworx Voice Response for AIX supports the use of an allowed host list of IP addresses from which SIP Requests are accepted. A sample configuration file named allowedHostList.ini.orig, and a working copy named allowedHostList.ini are provided in directory $SYS_DIR/voip. This file contain comments explaining how to use the file, and also some example configurations.

To configure Blueworx Voice Response for AIX to use an allowed host list:

  1. Edit allowedHostList.ini to list on separate lines, allowed individual IP addresses, or an allowed range of IP addresses, defined by a netmask in the format ipaddress;netmask.

     

    ipaddress
    The IP address whose subnet you want to allow
    netmask
    The part of the IP address that is considered to be the allowed subnet. IPv4 and IPv6 addresses are supported.

    For example, a setting of 192.168.1.1;255.255.0.0 configures Blueworx Voice Response to accept SIP requests from any IP address beginning with 192.168.

    A setting of 192.168.1.1;255.255.255.255 configures Blueworx Voice Response to accept SIP requests only from IP address 192.168.1.1. This has the same effect as omitting the netmask parameter.

    If the network is IPv6, a setting of 192.168.1.1;255.255.0.0 would also accept SIP requests from any IP addresses that end in those values in other areas of the IPv6 range. The netmask to match IP addresses only in the IPv4 range would be FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:255.255.0.0 (assuming it is paired with an IPv4 address).

  2. From the Blueworx Voice Response Welcome window:
    1. Click Configuration -> System Configuration -> Change -> VoIP SIP Signalling.
    2. Select Use allowed host list.
    3. Click Yes.
    4. Click File -> Save to save the configuration.

    See Use allowed host list for further information on the system parameter.

  3. Disable all trunks that use VoIP.
  4. Re-enable VoIP trunks. The allowedHostList.ini configuration file is only read when VoIP starts up, and the Use allowed host list parameter is set to Yes.

After configuration, SIP calls from IP addresses that are not on the allowed host list will be rejected and a SIP 403 Forbidden message issued. The reason given in the message is Requestor not from an accepted host.

Yellow Blueworx Voice Response warning alarms stating Blocked request from non-accepted host are issued whenever a request from an IP address that is not on the accepted host list is rejected. The warning includes the originating IP address of the blocked host.