Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- #temp directory and filename.
- TempFileNameAndPath="/etc/asterisk/disallowedextensions.txt"
- #this is the ALLOWED devices in your system
- #if you just one, use "'DeviceName'"
- #if multiple use "'Device1Name\|Device2Name'" and use the \| as a seperator
- alloweddevices="'Bria'"
- #number of minutes to pause after previous firewall bans are removed to allow new extensions to try and reconnect
- pauseminute=0
- #This lets you set an extension range that would be affected.
- #for testing, set both values to match your test extension
- lowestextension=3151
- highestextension=3151
- #this code removes any previous blocks the script put in.
- sipphonesANDip="$TempFileNameAndPath"
- while IFS= read -r line
- do
- extensionIP="$(cut -d' ' -f2 <<<"$line")"
- FirewallCommand="fwconsole firewall del blacklist "$extensionIP""
- eval "$FirewallCommand"
- done < "$sipphonesANDip"
- #delete the temp file, as we've cleared all users from firewall.
- rm $TempFileNameAndPath
- #pause script for X minutes. This will allow anyone who have been blocked by this script to get time to reconnect
- sleep ${pauseminute}m
- #this pulls all registered extensions in asterisk. Final output is the extension number and IP address.
- sipphonesANDip="$(asterisk -rx 'sip show peers' | grep / | awk '{print $1,$2}' | awk 'BEGIN { FS = "/" } ; {print $2}')"
- #now we parse the list of extensions and IPs to make sure they are valid. This should sort out SIP TRUNKS too
- while read -r sipphonesANDip
- do
- #were going to make sure the extension is valid (sometimes they can be names like a trunk so we want to sift those out)
- extensionnumber=$(echo $sipphonesANDip | awk '{print $1}')
- #checking to see if the extension is an INTIGER.
- if expr "$extensionnumber" : '-\?[0-9]\+$' >/dev/null
- then
- echo "$extensionnumber valid extension value"
- else
- echo "$extensionnumber invalid extension. Skipping."
- continue
- fi
- #check to see if the number is within a valid range to work with that was set in the variables at the top
- if [ "$extensionnumber" -le "$highestextension" ] && [ "$extensionnumber" -ge "$lowestextension" ]
- then
- echo "$extensionnumber IN RANGE";
- else
- echo "$extensionnumber OUT OF RANGE"
- continue
- fi
- #this will remove extensions that have no IP assigned.
- extensionIP=$(echo $sipphonesANDip | awk '{print $2}')
- if [ "$extensionIP" = "(Unspecified)" ]
- then
- echo "$extensionIP is null"
- continue
- fi
- #I have not worked out how to send a variable to the "asterisk -rx" command from bash. So did it using EVAL command.
- #output looks like below and is stored in a temp file (assigned in the variable at the beginning). EVAL can't save to a STRING, so file it is. Now we query each registered extension in asterisk to get its USERAGENT value
- #3151 10.1.210.33 Useragent : MicroSIP/3.19.28
- command="asterisk -rx 'sip show peer "$extensionnumber"' | grep Useragent | grep -v "$alloweddevices" | sed 's/^/"$sipphonesANDip" /' >> "$TempFileNameAndPath""
- eval "$command"
- done <<<"$sipphonesANDip"
- #now we take the temp file generated above, parse out the IP address and set it to be blocked in firewall
- sipphonesANDip="$TempFileNameAndPath"
- while IFS= read -r line
- do
- extensionIP="$(cut -d' ' -f2 <<<"$line")"
- echo "$extensionIP"
- FirewallCommand="fwconsole firewall add blacklist "$extensionIP""
- #Comment out this next line if you want to test, but not apply any rules to the firewall
- eval "$FirewallCommand"
- done < "$sipphonesANDip"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement