This weeks #FridayFun is taken from part of the post I did yesterday which updates how to use dialplan hooks for fpbx versions 15 and up. Much of that material is not new, but the section at the end about the Allowlist module deserves a bit of extra attention.
If you’re not familiar with Allowlist, it has been around for a few years now and is used for filtering inbound calls by caller ID number. It works in reverse to the Blacklist module, callers whose numbers have previously been added to the allow list or to the contact manager, get sent to the destination defined in the inbound route. All other callers are sent to an alternate destination, which could be straight to Hangup, or to be more friendly to voicemail or elsewhere. I’ve been using it for my home system for years to send unknown callers to an IVR that forces them to enter DTMF to proceed. I get 2-3 unsolicited calls a year and another handful of wrong numbers. I have nearly 100% success blocking spammers and robots.
The Allowlist module has a dialplan hook that an admin can use to add custom dialplan to inbound calls. If you configure your inbound route to enable the Allowlist, and then make an inbound call, you will see a log line like this in the asterisk full log:
# tail -f /var/log/asterisk/full | grep predial
[2025-05-15 12:10:40] VERBOSE[1475682][C-00000027] pbx.c: Executing [s@app-allowlist-check:1] GosubIf("PJSIP/2.us-east.clearlyip.com-00000036", "0?app-allowlist-check-predial-hook,s,1()") in new stack
Knowing the hook subroutine context is called app-allowlist-check-predial-hook
we can populate that context in extensions_custom.conf
, with something like this basic block:
[app-allowlist-check-predial-hook]
exten => s,1,NoOp(Entering user defined context app-allowlist-check-predial-hook in extensions_custom.conf)
exten => s,n,Return
Now an inbound call generates Asterisk full log lines like this:
# tail -f /var/log/asterisk/full | grep predial
[2025-05-15 12:16:17] VERBOSE[1476198][C-00000028] pbx.c: Executing [s@app-allowlist-check:1] GosubIf("PJSIP/2.us-east.clearlyip.com-00000037", "1?app-allowlist-check-predial-hook,s,1()") in new stack
[2025-05-15 12:16:17] VERBOSE[1476198][C-00000028] pbx.c: Executing [s@app-allowlist-check-predial-hook:1] NoOp("PJSIP/2.us-east.clearlyip.com-00000037", "Entering user defined context app-allowlist-check-predial-hook in extensions_custom.conf") in new stack
[2025-05-15 12:16:17] VERBOSE[1476198][C-00000028] pbx.c: Executing [s@app-allowlist-check-predial-hook:2] Return("PJSIP/2.us-east.clearlyip.com-00000037", "") in new stack
So what can you do with this hook? It’s not necessarily ideal for adding your own dialplan for all inbound calls, since these contexts are only called when the inbound route has allowlist enabled. The intent here is for cases where you wish to add more sophisticated logic for allowing a call than what the GUI provides. You could do a curl of an external API or call an AGI file with whatever logic you want to determine if the caller should be allowed. Once the caller is determined to be trusted, you then set the callerallowed
channel variable with a line that might look like:
exten => s,n,Set(callerallowed=1)
Once the channel var callerallowed
has been set to 1, it will bypass the remaining Allowlist dialplan and send the call to the usual destination set in the inbound route.