/etc/ngcp-config/config.yml is the main configuration YAML file used by Sipwise NGCP. After every changes it need to run the command ngcpcfg apply my commit message to apply changes (followed by ngcpcfg push in the PRO version to apply changes to sp2). The following is a brief description of the main variables contained into /etc/ngcp-config/config.yml file.
This section contains parameters for the additional applications that may be activated on sip:carrier.
apps:
  malicious_call: no
  party_call_control:
    accepted_reply: 200*
    enable: no
    pcc_server_url: https://127.0.0.1:9090/pcc/${prefix}${callee}${suffix}
    request_timeout: '30'
    trigger_on_hangup: yesstatus data element
that means the "accepted" status of the call.
yes in order to enable the PCC feature.
${prefix},
${callee} and ${suffix}!
yes, NGCP will send a "terminate"
request to the PCC server at the end of the call.
| tip | |
| See the Section 16.4.5, “Configuration of PCC” section of the handbook for more details on PCC configuration. | 
The following is the asterisk section:
asterisk:
  log:
    facility: local6
  rtp:
    maxport: 20000
    minport: 10000
  sip:
    bindport: 5070
    dtmfmode: rfc2833
  voicemail:
    enable: 'no'
    fromstring: 'Voicemail server'
    greeting:
      busy_custom_greeting: '/home/user/file_no_extension'
      busy_overwrite_default: 'no'
      busy_overwrite_subscriber: 'no'
      unavail_custom_greeting: '/home/user/file_no_extension'
      unavail_overwrite_default: 'no'
      unavail_overwrite_subscriber: 'no'
    mailbody: 'You have received a new message from ${VM_CALLERID} in voicebox ${VM_MAILBOX} on ${VM_DATE}.'
    mailsubject: '[Voicebox] New message ${VM_MSGNUM} in voicebox ${VM_MAILBOX}'
    max_msg_length: 180
    maxgreet: 60
    maxmsg: 30
    maxsilence: 0
    min_msg_length: 3
    normalize_match: '^00|\+([1-9][0-9]+)$'
    normalize_replace: '$1'
    serveremail: voicebox@sip.sipwise.comThe following is the autoprovisioning section:
autoprov:
  hardphone:
    skip_vendor_redirect: 'no'
  server:
    bootstrap_port: 1445
    ca_certfile: '/etc/ngcp-config/ssl/client-auth-ca.crt'
    host: localhost
    port: 1444
    server_certfile: '/etc/ngcp-config/ssl/myserver.crt'
    server_keyfile: '/etc/ngcp-config/ssl/myserver.key'
    ssl_enabled: 'yes'
  softphone:
    config_lockdown: 0
    webauth: 0The following is the backup tools section:
backuptools:
  cdrexport_backup:
    enable: 'no'
  etc_backup:
    enable: 'no'
  mail:
    address: noc@company.org
    error_subject: '[ngcp-backup] Problems detected during daily backup'
    log_subject: '[ngcp-backup] Daily backup report'
    send_errors: 'no'
    send_log: 'no'
  mysql_backup:
    enable: 'no'
    exclude_dbs: 'syslog sipstats information_schema'
  rotate_days: 7
  storage_dir: '/var/backup/ngcp_backup'
  temp_backup_dir: '/tmp/ngcp_backup'The following is the bootenv section:
bootenv:
  dhcp:
    boot: '/srv/tftp/pxelinux.0'
    enable: 'yes'
    end: 192.168.1.199
    expire: 12h
    start: 192.168.1.101
  http_port: 3000
  http_proxy: ''
  https_proxy: ''
  ro_port: 9998
  rw_port: 9999
  tftp:
    enable: 'yes'
    root: '/srv/tftp'The following is the cdr export section:
cdrexport: daily_folder: 'yes' export_failed: 'no' export_incoming: 'no' exportpath: '/home/jail/home/cdrexport' full_names: 'yes' monthly_folder: 'yes'
The following is the check tools section:
checktools:
  active_check_enable: '1'
  asr_ner_statistics: '1'
  collcheck:
    cpuidle: '0.1'
    dfused: '0.9'
    eximmaxqueue: '15'
    kamminshmem: '1048576'
    lbminshmem: '1048576'
    loadlong: '2'
    loadmedium: '2'
    loadshort: '3'
    maxage: 30
    memused: 0.98
    siptimeout: '15'
    sslcert_timetoexpiry: '30'
    sslcert_whitelist: []
    swapfree: 0.02
  exim_check_enable: '1'
  force: '0'
  kamailio_check_concurrent_calls_enable: '1'
  kamailio_check_dialog_active_enable: '1'
  kamailio_check_dialog_early_enable: '1'
  kamailio_check_dialog_incoming_enable: '1'
  kamailio_check_dialog_local_enable: '1'
  kamailio_check_dialog_outgoing_enable: '1'
  kamailio_check_dialog_relay_enable: '1'
  kamailio_check_shmem_enable: '1'
  kamailio_check_usrloc_regdevices_enable: '1'
  kamailio_check_usrloc_regusers_enable: '1'
  monitor_peering_groups: '1'
  mpt_check_enable: '0'
  mysql_check_enable: '1'
  mysql_check_replication: '1'
  mysql_replicate_check_interval: '3600'
  mysql_replicate_check_tables:
  - accounting
  - billing
  - carrier
  - kamailio
  - ngcp
  - provisioning
  - prosody
  - rtcengine
  - stats
  mysql_replicate_ignore_tables:
  - accounting.acc_backup
  - accounting.acc_trash
  - kamailio.acc_backup
  - kamailio.acc_trash
  - ngcp.pt_checksums_sp1
  - ngcp.pt_checksums_sp2
  - ngcp.pt_checksums
  oss_check_provisioned_subscribers_enable: '1'
  sip_check_enable: '1'
  sipstats_check_num_packets: '1'
  sipstats_check_num_packets_perday: '1'
  sipstats_check_partition_size: '1'
  snmpd:
    communities:
      public:
      - localhost
    trap_communities:
      public:
      - localhostpublic in the example) are in a list
format, each line starting with "-" and followed by the source address.
checktools.snmpd.communities.
The following is the cleanup tools section:
cleanuptools:
  acc_cleanup_days: 90
  archive_targetdir: '/var/backups/cdr'
  binlog_days: 15
  cdr_archive_months: 2
  cdr_backup_months: 2
  cdr_backup_retro: 3
  compress: gzip
  delete_old_cdr_files:
    enabled: 'no'
    max_age_days: 30
    paths:
      -
        max_age_days: ~
        path: '/home/jail/home/*/20[0-9][0-9][0-9][0-9]/[0-9][0-9]'
        remove_empty_directories: 'yes'
        wildcard: 'yes'
      -
        max_age_days: ~
        path: '/home/jail/home/cdrexport/resellers/*/20[0-9][0-9][0-9][0-9]/[0-9][0-9]'
        remove_empty_directories: 'yes'
        wildcard: 'yes'
      -
        max_age_days: ~
        path: '/home/jail/home/cdrexport/system/20[0-9][0-9][0-9][0-9]/[0-9][0-9]'
        remove_empty_directories: 'yes'
        wildcard: 'yes'
  sql_batch: 10000
  trash_cleanup_days: 30acc table in kamailio database
will be deleted after this time
cdr_backup_months months first, and store them
in backup tables. Any older record will be left untouched.
cleanuptools.delete_old_cdr_files:
yes) or disable (no) exported CDR cleanup.
paths: an array of path definitions
yes) or disable (no) using wildcards in the path
yes) or disable (no) removing empty
directories if those are found in the given path
path
acc_trash and acc_backup
tables in kamailio database will be deleted.
For the description of cleanuptools please visit Cleanuptools Description Section 13.4, “Accounting Data (CDR) Cleanup” section of the handbook.
The following is the cluster sets section:
cluster_sets:
  default:
    dispatcher_id: 50
  default_set: default
  type: centraldefault
central or distributed
The following is the database section:
database: bufferpoolsize: 24768M
The following is the fax server section:
faxserver: enable: yes fail_attempts: '3' fail_retry_secs: '60' mail_from: 'Sipwise NGCP FaxServer <voipfax@ngcp.sipwise.local>'
The following is the general section:
general: adminmail: adjust@example.org companyname: sipwise lang: en maintenance: no production: yes timezone: localtime
The following is the haproxy section:
haproxy: admin: 'no' admin_port: 8080 admin_pwd: iKNPFuPFHMCHh9dsXgVg enable: 'no'
The following is the heartbeat section:
heartbeat:
  hb_watchdog:
    action_max: 5
    enable: 'yes'
    interval: 10
    transition_max: 10
  pingnodes:
    - 10.60.1.1
    - 192.168.3.4The following is the legal intercept section:
intercept:
  captagent:
    port: 18090
    schema: http
  enabled: 'no'The following is the kamailio section:
kamailio:
  lb:
    cfgt: no
    debug:
      enable: no
      modules:
      - level: '1'
        name: core
      - level: '3'
        name: xlog
    debug_level: '1'
    external_sbc: []
    extra_sockets: ~
    max_forwards: '70'
    mem_log: '1'
    mem_summary: '12'
    nattest_exception_ips:
    - 1.2.3.4
    - 5.6.7.8
    pkg_mem: '16'
    port: '5060'
    remove_isup_body_from_replies: no
    security:
      dos_ban_enable: yes
      dos_ban_time: '300'
      dos_reqs_density_per_unit: '50'
      dos_sampling_time_unit: '5'
      dos_whitelisted_ips: []
      dos_whitelisted_subnets: []
      failed_auth_attempts: '3'
      failed_auth_ban_enable: yes
      failed_auth_ban_time: '3600'
      topoh:
        enable: no
        mask_callid: no
        mask_ip: 127.0.0.8
    shm_mem: '64'
    skip_contact_alias_for_ua_when_tcp:
      enable: no
      user_agent_patterns: []
    start: yes
    strict_routing_safe: no
    syslog_options: yes
    tcp_children: 1
    tcp_max_connections: '2048'
    tls:
      enable: no
      port: '5061'
      sslcertfile: /etc/ngcp-config/ssl/myserver.crt
      sslcertkeyfile: /etc/ngcp-config/ssl/myserver.key
    udp_children: 1
    use_dns_cache: on
  proxy:
    allow_info_method: no
    allow_msg_method: no
    allow_peer_relay: no
    allow_refer_method: no
    always_anonymize_from_user: no
    authenticate_bye: no
    cf_depth_limit: '10'
    cfgt: no
    check_prev_forwarder_as_upn: no
    children: 1
    debug:
      enable: no
      modules:
      - level: '1'
        name: core
      - level: '3'
        name: xlog
    debug_level: '1'
    default_expires: '3600'
    default_expires_range: '30'
    dlg_timeout: '43200'
    early_rejects:
      block_admin:
        announce_code: '403'
        announce_reason: Blocked by Admin
      block_callee:
        announce_code: '403'
        announce_reason: Blocked by Callee
      block_caller:
        announce_code: '403'
        announce_reason: Blocked by Caller
      block_contract:
        announce_code: '403'
        announce_reason: Blocked by Contract
      block_in:
        announce_code: '403'
        announce_reason: Block in
      block_out:
        announce_code: '403'
        announce_reason: Blocked out
      block_override_pin_wrong:
        announce_code: '403'
        announce_reason: Incorrect Override PIN
      callee_busy:
        announce_code: '486'
        announce_reason: Busy Here
      callee_offline:
        announce_code: '480'
        announce_reason: Offline
      callee_tmp_unavailable:
        announce_code: '480'
        announce_reason: Temporarily Unavailable
      callee_tmp_unavailable_gp:
        announce_code: '480'
        announce_reason: Unavailable
      callee_tmp_unavailable_tm:
        announce_code: '408'
        announce_reason: Request Timeout
      callee_unknown:
        announce_code: '404'
        announce_reason: Not Found
      cf_loop:
        announce_code: '480'
        announce_reason: Unavailable
      emergency_invalid:
        announce_code: '404'
        announce_reason: Emergency code not available in this region
      emergency_unsupported:
        announce_code: '403'
        announce_reason: Emergency Calls Not Supported
      invalid_speeddial:
        announce_code: '484'
        announce_reason: Speed-Dial slot empty
      locked_in:
        announce_code: '403'
        announce_reason: Callee locked
      locked_out:
        announce_code: '403'
        announce_reason: Caller locked
      max_calls_in:
        announce_code: '486'
        announce_reason: Busy
      max_calls_out:
        announce_code: '403'
        announce_reason: Maximum parallel calls exceeded
      no_credit:
        announce_code: '402'
        announce_reason: Insufficient Credit
      peering_unavailable:
        announce_code: '503'
        announce_reason: PSTN Termination Currently Unavailable
      reject_vsc:
        announce_code: '403'
        announce_reason: VSC Forbidden
      relaying_denied:
        announce_code: '403'
        announce_reason: Relaying Denied
      unauth_caller_ip:
        announce_code: '403'
        announce_reason: Unauthorized IP detected
    emergency_priorization:
      enabled: no
      register_fake_200: yes
      register_fake_expires: '3600'
      reject_code: '503'
      reject_reason: Temporary Unavailable
      retry_after: '3600'
    enum_suffix: e164.arpa.
    expires_range: '30'
    filter_100rel_from_supported: no
    filter_failover_response: 408|500|503
    foreign_domain_via_peer: no
    fritzbox:
      enable: no
      prefixes:
      - 0$avp(caller_ac)
      - $avp(caller_cc)$avp(caller_ac)
      - \+$avp(caller_cc)$avp(caller_ac)
      - 00$avp(caller_cc)$avp(caller_ac)
      special_numbers:
      - '112'
      - '110'
      - 118[0-9]{2}
    ignore_auth_realm: no
    ignore_subscriber_allowed_clis: no
    keep_original_to: no
    latency_limit_action: '100'
    latency_limit_db: '500'
    latency_log_level: '1'
    latency_runtime_action: 1000
    lnp:
      api:
        add_caller_cc_to_lnp_dst: no
        invalid_lnp_routing_codes:
        - ^EE00
        - ^DD00
        keepalive_interval: '3'
        lnp_request_blacklist: []
        lnp_request_whitelist: []
        port: '8991'
        reply_error_on_lnp_failure: no
        request_timeout: '1000'
        server: localhost
      enabled: no
      skip_callee_lnp_lookup_from_any_peer: no
      type: api
    lookup_peer_destination_domain_for_pbx: no
    loop_detection:
      enable: no
      expire: '1'
      max: '5'
    max_expires: '43200'
    max_gw_lcr: '128'
    max_registrations_per_subscriber: '5'
    mem_log: '1'
    mem_summary: '12'
    min_expires: '60'
    nathelper:
      sipping_from: sip:pinger@sipwise.local
    nathelper_dbro: no
    natping_interval: '30'
    natping_processes: 1
    nonce_expire: '300'
    pbx:
      hunt_display_fallback_format: '[H %s]'
      hunt_display_fallback_indicator: $var(cloud_pbx_hg_ext)
      hunt_display_format: '[H %s]'
      hunt_display_indicator: $var(cloud_pbx_hg_displayname)
      hunt_display_maxlength: 8
      ignore_cf_when_hunting: no
    peer_probe:
      available_treshold: '1'
      enable: yes
      from_uri_domain: probe.ngcp.local
      from_uri_user: ping
      interval: '10'
      method: OPTIONS
      reply_codes: class=2;class=3;code=403;code=404;code=405
      timeout: '5'
      unavailable_treshold: '1'
    perform_peer_failover_on_tm_timeout: yes
    perform_peer_lcr: no
    pkg_mem: '32'
    port: '5062'
    presence:
      enable: yes
      max_expires: '3600'
      reginfo_domain: example.org
    proxy_lookup: no
    push:
      apns_alert: New call
      apns_sound: incoming_call.xaf
    report_mos: yes
    set_ruri_to_peer_auth_realm: no
    shm_mem: '125'
    start: yes
    store_recentcalls: no
    syslog_options: yes
    tcp_children: 1
    tm:
      fr_inv_timer: '180000'
      fr_timer: '9000'
    treat_600_as_busy: yes
    use_enum: no
    usrloc_dbmode: '1'
    voicebox_first_caller_cli: yeskamailio-lb.
yes, the SIP Call-ID header will also be encoded.
kamailio-options-lb.log.
anonymize_from_user for all peers.
Diversion or History-Info header.
kamailio-proxy.
default_expires_range seconds of the default_expires parameter.
kamailio.proxy.emergency_prioritization.retry_after: Retry-After value when rejecting the non-emergency request.
| tip | |
| In order to learn about details of emergency priorization function of NGCP please refer to Section 5.6, “Emergency Priorization” part of the handbook. | 
allowed_clis preference so that the User-Provided CLI is only checked against customer’s allowed_clis preference.
api type]: number matching pattern for routing numbers that represent invalid call destinations; an announcement is played in that case and the call is dropped.
api type]: list of matching patterns of called numbers for which LNP lookup must be done.
api type]: list of matching patterns of called numbers for which LNP lookup must not be done.
api type]: timeout in milliseconds while Proxy waits for the response of an LNP query from Sipwise LNP daemon.
local (local LNP database) and api (LNP lookup through external gateways). PLEASE NOTE: the api type of LNP lookup is only available for NGCP PRO / CARRIER installations.
hunt_display_format and hunt_display_indicator can not be used (as in the case of not provisioned subscriber settings). The %s part is replaced with the value of the hunt_display_fallback_indicator variable.
$var(cloud_pbx_hg_ext) which is populated during call routing with the extension of the hunt group.
hunt_display_indicator variable.
$var(cloud_pbx_hg_displayname) which is populated during call routing with the provisioned Display Name of the hunt group.
class=2;class=3;code=403;code=404;code=405, with class defining a code range.
kamailio.proxy.peer_probe.method: [OPTIONS|INFO] - Request method for probe request.
| tip | |
| You can find more information about peer probing configuration in Section 5.10.2, “Configuration of Peer Probing” of the handbook. | 
kamailio-options-proxy.log.
The following section defines configuration of LNP daemon, that is used when LNP queries are served by external gateways → the so called LNP API mode.
lnpd:
  config:
    daemon:
      foreground: 'false'
      json-rpc:
        ports:
          - '8095'
      loglevel: '6'
      sip:
        port: '5095'
      threads: '4'
    instances:
      default:
        module: sigtran
        destination: 0.0.0.0
        from-domain: voip.example.com
        headers:
          - header: INAP-Service-Key
            value: '2'
        reply:
          tcap: raw-tcap
  enabled: noThe following is the mediator section:
mediator: interval: 10
The following is the modules section:
modules:
  - enable: no
    name: dummy
    options: numdummies=2The following is the nginx section:
nginx: status_port: 8081 xcap_port: 1080
The following is the ntp server section:
ntp:
  servers:
    - 0.debian.pool.ntp.org
    - 1.debian.pool.ntp.org
    - 2.debian.pool.ntp.org
    - 3.debian.pool.ntp.orgThe following is the ossbss section:
ossbss:
  apache:
    port: 2443
    proxyluport: 1080
    restapi:
      sslcertfile: '/etc/ngcp-panel/api_ssl/api_ca.crt'
      sslcertkeyfile: '/etc/ngcp-panel/api_ssl/api_ca.key'
    serveradmin: support@sipwise.com
    servername: "\"myserver\""
    ssl_enable: 'yes'
    sslcertfile: '/etc/ngcp-config/ssl/myserver.crt'
    sslcertkeyfile: '/etc/ngcp-config/ssl/myserver.key'
  frontend: 'no'
  htpasswd:
    -
      pass: '{SHA}w4zj3mxbmynIQ1jsUEjSkN2z2pk='
      user: ngcpsoap
  logging:
    apache:
      acc:
        facility: daemon
        identity: oss
        level: info
      err:
        facility: local7
        level: info
    ossbss:
      facility: local0
      identity: provisioning
      level: DEBUG
    web:
      facility: local0
      level: DEBUG
  provisioning:
    allow_ip_as_domain: 1
    allow_numeric_usernames: 0
    auto_allow_cli: 1
    carrier:
      account_distribution_function: roundrobin
      prov_distribution_function: roundrobin
    credit_warnings:
      -
        domain: example.com
        recipients:
          - nobody@example.com
        threshold: 1000
    faxpw_min_char: 0
    log_passwords: 0
    no_logline_truncate: 0
    pw_min_char: 6
    routing:
      ac_regex: '[1-9]\d{0,4}'
      cc_regex: '[1-9]\d{0,3}'
      sn_regex: '[1-9]\d+'
    tmpdir: '/tmp'The following is the PBX section:
pbx: bindport: 5085 enable: 'no' highport: 55000 lowport: 50001 media_processor_threads: 10 session_processor_threads: 10 xmlrpcport: 8095
The following is the prosody section:
prosody: ctrl_port: 5582 log_level: info
The following is the pushd section:
pushd:
  apns:
    enable: yes
    endpoint: api.push.apple.com
    endpoint_port: 0
    extra_instances:
    - certificate: '/etc/ngcp-config/ssl/PushCallkitCert.pem'
      enable: yes
      key: '/etc/ngcp-config/ssl/PushCallkitKey.pem'
      type: callkit
    http2_jwt:
      ec_key: '/etc/ngcp-config/ssl/AuthKey_ABCDE12345.pem'
      ec_key_id: 'ABCDE12345'
      enable: yes
      issuer: 'VWXYZ67890'
      tls_certificate: ''
      tls_key: ''
      topic: 'com.example.appID'
    legacy:
      certificate: '/etc/ngcp-config/ssl/PushChatCert.pem'
      feedback_endpoint: feedback.push.apple.com
      feedback_interval: '3600'
      key: '/etc/ngcp-config/ssl/PushChatKey.pem'
    socket_timeout: 0
  domains:
  - apns:
      endpoint: api.push.apple.com
      extra_instances:
      - certificate: '/etc/ngcp-config/ssl/PushCallkitCert-example.com.pem'
        enable: no
        key: '/etc/ngcp-config/ssl/PushCallkitKey-example.com.pem''
        type: callkit
      http2_jwt:
        ec_key: '/etc/ngcp-config/ssl/AuthKey_54321EDCBA.pem'
        ec_key_id: '54321EDCBA'
        issuer: '09876ZYXWV'
        tls_certificate: ''
        tls_key: ''
        topic: 'com.example.otherAppID'
      legacy:
        certificate: '/etc/ngcp-config/ssl/PushChatCert-example.com.pem'
        feedback_endpoint: feedback.push.apple.com
        key: '/etc/ngcp-config/ssl/PushChatKey-example.com.pem'
    domain: example.com
    enable: yes
    gcm:
      key: 'google_api_key_for_example.com_here'
  enable: yes
  gcm:
    enable: yes
    key: 'google_api_key_here'
    priority:
      call: high
      groupchat: normal
      invite: normal
      message: normal
  muc:
    exclude: []
    force_persistent: 'true'
    owner_on_join: 'true'
  one_device_per_subscriber: no
  port: 45060
  processes: 4
  ssl: yes
  sslcertfile: /etc/ngcp-config/ssl/CAsigned.crt
  sslcertkeyfile: /etc/ngcp-config/ssl/CAsigned.key
  unique_device_ids: noThe following is the QOS section:
qos: tos_rtp: 184 tos_sip: 184
The following is the rate-o-mat section:
rateomat: enable: 'yes' loopinterval: 10 splitpeakparts: 0
The following is the redis section:
redis: database_amount: 16 port: 6379 syslog_ident: redis
The following is the reminder section:
reminder: retries: 2 retry_time: 60 sip_fromdomain: voicebox.sipwise.local sip_fromuser: reminder wait_time: 30 weekdays: '2, 3, 4, 5, 6, 7'
The following is the rsyslog section:
rsyslog:
  elasticsearch:
    action:
      resumeretrycount: '-1'
    bulkmode: 'on'
    dynSearchIndex: 'on'
    enable: 'yes'
    queue:
      dequeuebatchsize: 300
      size: 5000
      type: linkedlist
  external_address:
  external_log: 0
  external_loglevel: warning
  external_port: 514
  external_proto: udp
  ngcp_logs_preserve_days: 93The following is the rtp proxy section:
rtpproxy:
  allow_userspace_only: yes
  enabled: yes
  firewall_iptables_chain: ''
  log_level: '6'
  maxport: '40000'
  minport: '30000'
  prefer_bind_on_internal: no
  recording:
    enabled: no
    mp3_bitrate: '48000'
    nfs_host: 192.168.1.1
    nfs_remote_path: /var/recordings
    output_dir: /var/lib/rtpengine-recording
    output_format: wav
    output_mixed: yes
    output_single: yes
    resample: no
    resample_to: '16000'
    spool_dir: /var/spool/rtpengine
  rtp_timeout: '60'
  rtp_timeout_onhold: '3600'The following is the security section. Usage of the firewall subsection is described in Section 14.2, “Firewalling”:
security:
  firewall:
    enable: no
    logging:
      days_kept: '7'
      enable: yes
      file: /var/log/firewall.log
      tag: NGCPFW
    nat_rules4: ~
    nat_rules6: ~
    policies:
      forward: DROP
      input: DROP
      output: ACCEPT
    rules4: ~
    rules6: ~no)
7)
yes)
/var/log/firewall.log)
DROP is added to any tag indicating the action triggering the message, default: NGCPFW)
nat using iptables-persistent syntax (default: undef)
nat using iptables-persistent syntax (default: undef)
FORWARD chain (default: DROP)
INPUT chain (default: DROP)
OUTPUT chain (default: ACCEPT)
filter using iptables-persistent syntax (default: undef)
filter using iptables-persistent syntax (default: undef)
The following is the SEMS section:
sems:
  bindport: 5080
  conference:
    enable: 'yes'
    max_participants: 10
  debug: 'no'
  highport: 50000
  lowport: 40001
  media_processor_threads: 10
  prepaid:
    enable: 'yes'
  sbc:
    calltimer_enable: 'yes'
    calltimer_max: 3600
    outbound_timeout: 6000
    sdp_filter:
      codecs: PCMA,PCMU,telephone-event
      enable: 'yes'
      mode: whitelist
    session_timer:
      enable: 'yes'
      max_timer: 7200
      min_timer: 90
      session_expires: 300
  session_processor_threads: 10
  vsc:
    block_override_code: 80
    cfb_code: 90
    cfna_code: 93
    cft_code: 92
    cfu_code: 72
    clir_code: 31
    directed_pickup_code: 99
    enable: 'yes'
    park_code: 97
    reminder_code: 55
    speedial_code: 50
    unpark_code: 98
    voicemail_number: 2000
  xmlrpcport: 8090This section provides configuration of Short Message Service on the NGCP. Description of the SMS module is provided earlier in this handbook here Section 5.27, “SMS (Short Message Service) on Sipwise NGCP”.
In the below example you can see the default values of the configuration parameters.
sms:
  core:
    admin_port: '13000'
    smsbox_port: '13001'
  enable: no
  loglevel: '0'
  sendsms:
    max_parts_per_message: '5'
    port: '13002'
  smsc:
    dest_addr_npi: '1'
    dest_addr_ton: '1'
    enquire_link_interval: '58'
    host: 1.2.3.4
    id: default_smsc
    max_pending_submits: '10'
    no_dlr: yes
    password: password
    port: '2775'
    source_addr_npi: '1'
    source_addr_ton: '1'
    system_type: ''
    throughput: '5'
    transceiver_mode: '1'
    username: usernameyes if you want to enable SMS module.
sms.smsc. : Parameters of the connection to an SMSC
yes, NGCP will not request DR for the message(s). May be required for
some particular SMSCs, in order to avoid "Incorrect status report request parameter usage"
error messages from the SMSC.
1 (yes / true), NGCP will attempt to use a TRANSCEIVER
mode connection to the SMSC. It uses the standard transmit port of the SMSC for
receiving SMs too.
The following is the SNMP Agent section:
snmpagent: daemonize: '1' debug: '0' update_interval: '30'
The following is the sshd section:
sshd:
  listen_addresses:
    - 0.0.0.0The following is in the sudo section:
sudo: logging: no max_log_sessions: 0
The following is the voice sniffer section:
voisniff:
  admin_panel: no
  daemon:
    bpf: 'port 5060 or 5062 or ip6 proto 44 or ip[6:2] & 0x1fff != 0'
    external_interfaces: eth0 eth1
    filter:
      exclude:
      - active: '0'
        case_insensitive: '1'
        pattern: '\ncseq: *\d+ +(register|notify|options)'
      include: []
    internal_interfaces: lo
    li_x1x2x3:
      call_id:
        suffix:
        - _pbx-1
        - _b2b-1
        - _xfer-1
      client_certificate: ''
      enabled: no
      fix_checksums: no
      fragmented: no
      interface:
        excludes: []
      local_name: sipwise
      x1:
        port: '18090'
    mysql_dump:
      enabled: yes
      num_threads: '4'
    mysql_dump_threads: '4'
    start: no
    threads_per_interface: '10'
  partitions:
    increment: '700000'
    keep: '10'Parameters commonly used for call statistics retrievable on the web interface and for lawful interception:
yes if you want voisniff-ng start at boot.
Default is no.
Parameters used only for call statistics:
no.
increment),
how many tables with call data are kept in DB (→ keep).
Parameters used only for lawful interception:
yes to enable LI services via X1,
X2 and X3 interfaces. Default: no
yes), NGCP will calculate
UDP header checksum for packets sent out on X2 and X3 interfaces. Default: no
no
header.source
field of the X2 protocol. It’s an arbitrary string and can be used to identify the
sending NGCP system. Default: sipwise
18090
| tip | |
| Visit Section 16.3.2.3, “Configuration of LI Service” part of the handbook to learn more about lawful interception configuration. | 
The following is the WEB Admin interface (www_admin) section:
www_admin:
  ac_dial_prefix: 0
  apache:
    autoprov_port: 1444
  billing_features: 1
  callingcard_features: 0
  callthru_features: 0
  cc_dial_prefix: 00
  conference_features: 1
  contactmail: adjust@example.org
  dashboard:
    enabled: 1
  default_admin_settings:
    call_data: 0
    is_active: 1
    is_master: 0
    read_only: 0
    show_passwords: 1
  domain:
    preference_features: 1
    rewrite_features: 1
    vsc_features: 0
  fastcgi_workers: 2
  fax_features: 1
  fees_csv:
    element_order:
      - source
      - destination
      - direction
      - zone
      - zone_detail
      - onpeak_init_rate
      - onpeak_init_interval
      - onpeak_follow_rate
      - onpeak_follow_interval
      - offpeak_init_rate
      - offpeak_init_interval
      - offpeak_follow_rate
      - offpeak_follow_interval
      - use_free_time
  http_admin:
    autoprov_port: 1444
    port: 1443
    serveradmin: support@sipwise.com
    servername: "\"myserver\""
    ssl_enable: 'yes'
    sslcertfile: '/etc/ngcp-config/ssl/myserver.crt'
    sslcertkeyfile: '/etc/ngcp-config/ssl/myserver.key'
  http_csc:
    autoprov_bootstrap_port: 1445
    autoprov_port: 1444
    port: 443
    serveradmin: support@sipwise.com
    servername: "\"myserver\""
    ssl_enable: 'yes'
    sslcertfile: '/etc/ngcp-config/ssl/myserver.crt'
    sslcertkeyfile: '/etc/ngcp-config/ssl/myserver.key'
  logging:
    apache:
      acc:
        facility: daemon
        identity: oss
        level: info
      err:
        facility: local7
        level: info
  peer:
    preference_features: 1
  peering_features: 1
  security:
    password_allow_recovery: 0
    password_max_length: 40
    password_min_length: 6
    password_musthave_digit: 0
    password_musthave_lowercase: 1
    password_musthave_specialchar: 0
    password_musthave_uppercase: 0
    password_sip_autogenerate: 0
    password_sip_expose_subadmin: 1
    password_web_autogenerate: 0
    password_web_expose_subadmin: 1
  speed_dial_vsc_presets:
    vsc:
      - '*0'
      - '*1'
      - '*2'
      - '*3'
      - '*4'
      - '*5'
      - '*6'
      - '*7'
      - '*8'
      - '*9'
  subscriber:
    auto_allow_cli: 0
    extension_features: 0
  voicemail_features: 1