A long time ago a friend asked me to configure a SIP server without any web UI. The result was the following configuration, which is somewhat specific to Ukraine.
extensions.ael
    context local {
        _1[1-3]XX => {
            Dial(SIP/${EXTEN},20,Tt);
        };
        _NXXXXXX => {
            Set(CALLERID(all)=DEFAULT_TRUNK);
            Dial(SIP/${EXTEN}@DEFAULT_TRUNK,20,TtwW);
        };
        _0NXXXXXXXX => {
            Set(CALLERID(all)=DEFAULT_TRUNK);
            Dial(SIP/${EXTEN}@DEFAULT_TRUNK,20,TtwW);
        };
        _10[1-4] => {
            Set(CALLERID(all)=DEFAULT_TRUNK);
            Dial(SIP/${EXTEN}@DEFAULT_TRUNK,20,TtwW);
        };
        _911 => {
            Set(CALLERID(all)=DEFAULT_TRUNK);
            Dial(SIP/${EXTEN}@DEFAULT_TRUNK,20,TtwW);
        };
        _15XX => {
            Set(CALLERID(all)=DEFAULT_TRUNK);
            Dial(SIP/${EXTEN}@DEFAULT_TRUNK,20,TtwW);
        };
        _00. => {
            Set(CALLERID(all)=DEFAULT_TRUNK);
            Dial(SIP/${EXTEN}@DEFAULT_TRUNK,20,TtwW);
        };
        _88. => {
            AGI(out_dial.php);
        };
    };
    context from-trunk {
        _X. => {
            Answer();
            Set(CALLERID(name)=${EXTEN}|${CALLERID(num)});
            Dial(SIP/1111,20,Tt);
            HangUp();
        };
    };
1[1-3]XX - mask for internal numbers
DEFAULT_TRUNK - name of default trunk for outbound calls if no extra code was specified
_88. - special code to select specific outbound trunk
AGI(out_dial.php); - script-handler for outbound calls
out_dial.php
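    #!/usr/bin/php -q
    <?php
    set_time_limit(0);
    require('/var/lib/asterisk/agi-bin/phpagi.php');
    require('/var/lib/asterisk/agi-bin/linelist.php'); // defines $lines
    $agi = new AGI();
    $agi->noop('test');
    // Dialed number: 88 + 2-digit line code + destination number
    $_onum = $agi->request['agi_dnid'];
    $_lnum = substr($_onum, 2, 2); // line code, key into $lines
    $_did = substr($_onum, 4);     // number to dial on the selected line
    // Refuse unknown line codes and non-digit destinations instead of dialing "SIP/"
    if (!isset($lines[$_lnum]) || !ctype_digit($_did)) {
        $agi->hangup();
        exit(1);
    }
    $agi->noop($_lnum."|||".$lines[$_lnum]."|||".$_did);
    $lineid = "SIP/".$lines[$_lnum];
    $agi->set_callerid($lines[$_lnum]);
    $agi->exec_dial($lineid, $_did, "20,Tt");
    ?>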
linelist.php - list of outbound lines configured on server
Since we had many lines, I used a 2-digit line code; the script reads it into $_lnum.
linelist.php
    <?php
    $lines = array(
        '01' => 'DEFAULT_TRUNK',
        '02' => 'ANOTHER_TRUNK',
    );
    ?>
Summary
- The CALLERID(name) of any inbound call is changed to line_name|caller_id
- A call to number 8802585XXXX uses line number 2 and dials number 585XXXX
Useful tips
I also changed the default context in the config to one that does not exist, so calls that match no configured peer have no dialplan to reach:
[general]
context=default
After that I installed and enabled fail2ban. As a result, every attacker was banned via iptables.
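
The two tips reinforce each other: calls that land in the nonexistent default context are rejected and logged, and those log lines are what a log-watching banner counts. The sketch below is an added example, not from the original post and not fail2ban's own code; it models the count-within-a-time-window decision, and the log line shapes, addresses, peer name and numbers are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed chan_sip NOTICE shapes; verify them against your own Asterisk log.
STAMP = re.compile(r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\]")
PATTERNS = [
    re.compile(r"Registration from '[^']*' failed for '(?P<ip>[\d.]+)(?::\d+)?' - "),
    re.compile(r"Call from '[^']*' \((?P<ip>[\d.]+):\d+\) to extension '[^']*' "
               r"rejected because extension not found in context 'default'"),
]

def offenders(lines, maxretry=3, findtime=600):
    """Return IPs (in ban order) with >= maxretry failures inside findtime seconds."""
    window = timedelta(seconds=findtime)
    hits = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = []
    for line in lines:
        stamp = STAMP.match(line)
        match = next((m for p in PATTERNS if (m := p.search(line))), None)
        if not stamp or not match:
            continue  # not a NOTICE line, or not a failure we track
        when = datetime.strptime(stamp["ts"], "%Y-%m-%d %H:%M:%S")
        seen = hits[match["ip"]]
        seen.append(when)
        while when - seen[0] > window:  # forget failures older than findtime
            seen.popleft()
        if len(seen) >= maxretry and match["ip"] not in banned:
            banned.append(match["ip"])
    return banned

# Constructed sample log: documentation addresses, made-up peer and numbers.
REG = "NOTICE[2211] chan_sip.c: Registration from '<sip:1101@pbx.example>' failed for '203.0.113.7:5060' - Wrong password"
CALL = "NOTICE[2211] chan_sip.c: Call from '' (198.51.100.9:5071) to extension '0044000000000' rejected because extension not found in context 'default'."
SAMPLE = [
    "[2014-03-01 10:00:01] " + REG,
    "[2014-03-01 10:00:02] " + CALL,
    "[2014-03-01 10:00:03] " + CALL,
    "[2014-03-01 10:00:04] VERBOSE[2211] pbx.c: -- Executing [1101@local:1] Dial",
    "[2014-03-01 10:00:05] " + CALL,   # third hit inside 10 minutes -> ban
    "[2014-03-01 10:20:00] " + REG,    # first REG hit has aged out by now
    "[2014-03-01 10:21:00] " + REG,
]

if __name__ == "__main__":
    print(offenders(SAMPLE))                 # default 10-minute window
    print(offenders(SAMPLE, findtime=3600))  # wider window catches the slow guesser
```

A short window misses a source that spaces its attempts out, which is the trade-off to weigh when tuning the retry count and time window of the real tool.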