One of the most required features of any PBX in any company is call restrictions. Now i know there are many written articles about this and many different ways to do it from easy to complex way but i find my method quite easy to implement and involves no manually editing any file.
Now all you need is Custom Context module (click for more information on how to download and install it in FreePBX)
Now lets start making some people angry with restrictions.
For the rest of the guide i will use my own setup as How-to and example.
First thing that you need is identify how many levels/groups of restriction do you need:
I have 4 groups of restriction:
1) Only extensions – a group which will not be able to make any outbound calls only internal ones
2) National/local calls – a group which will be able to use all outbound routes that can call any number within a country
3) Any call with PINs – a group which will be able to make any call anywhere but each user has its own PIN code (PIN code will only be used when making international calls)
4) No restrictions – a group without any kind of restriction, that includes no PINs as well (bosses really hate having restrictions pins, etc and it makes sense since they pay the bills).
Now we go and apply these restriction accordingly.
Lets click Custom Contexts after it appeared when you installed the module which we will see two textboxes which we will fill right away with our first context:
1) The first one is Only local extensions so i will put in Context:
local-extensions
and Description:
Only local extensions
(I have to admit I'm very bad at naming so you are free to use your own naming convention)
Now we click submit and make the proper restrictions
First we Set All To: Deny (we don't want to change all those list boxes one by one)
Then we allow only ones that we want to allow so this groups is able to make local/internal calls.
Basically what we need to allow are:
Call Parking, ext-group, ext-local and ext-queues, there are some others that we could allow like app-speakextennum, app-speakingclock, app-userlogonoff but that is up to you and it depends what other app/modules you are using and have setup, and you have to make sure that all outbound routes are set to DENY or you shouldn’t read this guide at all.
Submit
Now before i continue with the rest of the guide I ASSUME that you allready have setup trunks and outbound routes (we’ll cover these in future… maybe…)
2) Create context: national-calls with a description Allow national calls.
Or better way you can go to your created 1st local-extensions context and duplicate it since we will use the previous setup and just add more allows.
Here i have allowed everything in the two first sections (Default internal context and Internal Dialplan) except ENTIRE Basic Internal Dialplan and ALL OUTBOUND ROUTES (these two should never be allowed)
And in the Outbound Routes sections i have allowed only the routes that are able to make local and national calls (i don't know what kind of hardware you do have but for example i have FXO adapters, Sipuras, GSM gateways and local ISP SIP accounts)
Click submit
3) Duplicate the context national-calls and name it lets say:
all-calls-wpin (All calls with pin restriction)
Now i believe you can guess what's next is that you just have to add those outbound routes that are left which can make international calls (in my case i have many different SIP providers that can make international landline/mobile calls for example, internetcalls, voipbuster, etc etc etc… there are really many of them)
4) Duplicate the previous one (all-calls-wpin) to no-restriction (Desc: Not any kind of restriction in the whole world ……… of this box :P)
So now just allow hmmm… what is more than calling internationally? Calling SPACE? Well there is a little trick that makes those international outbound routes work without PINs and as i mentioned outbound routes the trick is in there. Now all you have to do is duplicate/recreate those outbound routes that are with PIN sets :D, rename them to xxxxx-nopin and remove any PIN sets from these newly created outbound routes.
Okay now we have created duplicates of some outbound routes, removed the pin sets and now its time to go to Custom Contexts again. First select context no-restriction and make some restrictions (its now or never to make restriction for our bosses, grin…) and in Outbound routes deny access to Outbound routes that have PIN sets and allow to routes that are without pin.
Submit
Then
Go to context all-calls-wpin and deny outbound calls to routes that are without pins, of course allow the ones with pins.
You may ask why we are having double outbound routes with and without pins, well the thing is that when calling internationally you usually have your dial patter like “00.” and avoiding complications like having users call with 00 and bosses call with 99 or whatever is why we make double outbound routes but each group/context have access to its route respectively.
I hope you enjoy this guide.