diff options
author | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-09-12 20:37:18 +0000 |
---|---|---|
committer | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-09-12 20:37:18 +0000 |
commit | 3d74fe145cd118d1e92a9306dc15f32da3b91401 (patch) | |
tree | 2f1e7e04964e16dc1ca328f9113917b28345b23a /configs | |
parent | d7fe1556d7d7afb6918941cc7c2f2d66887ecedf (diff) |
Create rules for disallowing contacts at certain addresses, which may
improve the security of various installations. As this does not change
any default behavior, it is not classified as a direct security fix for
anything within Asterisk, but may help PBX admins better secure their
SIP servers.
(closes issue #11776)
Reported by: ibc
Patches:
20080829__bug11776.diff.txt uploaded by Corydon76 (license 14)
Tested by: Corydon76, blitzrage
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@142865 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'configs')
-rw-r--r-- | configs/sip.conf.sample | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample index eab1dcf6d..25bbb7735 100644 --- a/configs/sip.conf.sample +++ b/configs/sip.conf.sample @@ -136,6 +136,16 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ; your localnet setting. Unless you have some sort of strange network ; setup you will not need to enable this. +;dynamic_exclude_static = yes ; Disallow all dynamic hosts from registering + ; as any IP address used for staticly defined + ; hosts. This helps avoid the configuration + ; error of allowing your users to register at + ; the same address as a SIP provider. + +;contactdeny=0.0.0.0/0.0.0.0 ; Use contactpermit and contactdeny to +;contactpermit=172.16.0.0/255.255.0.0 ; restrict at what IPs your users may + ; register their phones. + ; ; If regcontext is specified, Asterisk will dynamically create and destroy a ; NoOp priority 1 extension for a given peer who registers or unregisters with @@ -501,6 +511,10 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ; outboundproxy ; rfc2833compensate ; t38pt_usertpsource +; contactpermit ; Limit what a host may register as (a neat trick +; contactdeny ; is to register at the same IP as a SIP provider, +; ; then call oneself, and get redirected to that +; ; same location). ;[sip_proxy] ; For incoming calls only. Example: FWD (Free World Dialup) |