Create rules for disallowing contacts at certain addresses, which may

improve the security of various installations. As this does not change any default behavior, it is not classified as a direct security fix for anything within Asterisk, but may help PBX admins better secure their SIP servers. (closes issue #11776) Reported by: ibc Patches: 20080829__bug11776.diff.txt uploaded by Corydon76 (license 14) Tested by: Corydon76, blitzrage git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@142865 f38db490-d61c-443f-a65b-d21fe96a405b
author: tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> 2008-09-12 20:37:18 +0000
committer: tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> 2008-09-12 20:37:18 +0000
commit: 3d74fe145cd118d1e92a9306dc15f32da3b91401 (patch)
tree: 2f1e7e04964e16dc1ca328f9113917b28345b23a /configs
parent: d7fe1556d7d7afb6918941cc7c2f2d66887ecedf (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample
index eab1dcf6d..25bbb7735 100644
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@@ -136,6 +136,16 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
                                 ; your localnet setting. Unless you have some sort of strange network
                                 ; setup you will not need to enable this.
 
+;dynamic_exclude_static = yes   ; Disallow all dynamic hosts from registering
+                                ; as any IP address used for staticly defined
+                                ; hosts.  This helps avoid the configuration
+                                ; error of allowing your users to register at
+                                ; the same address as a SIP provider.
+
+;contactdeny=0.0.0.0/0.0.0.0           ; Use contactpermit and contactdeny to
+;contactpermit=172.16.0.0/255.255.0.0  ; restrict at what IPs your users may
+                                       ; register their phones.
+
 ;
 ; If regcontext is specified, Asterisk will dynamically create and destroy a
 ; NoOp priority 1 extension for a given peer who registers or unregisters with
@@ -501,6 +511,10 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
 ;                             outboundproxy
 ;                             rfc2833compensate
 ;                             t38pt_usertpsource
+;                             contactpermit         ; Limit what a host may register as (a neat trick
+;                             contactdeny           ; is to register at the same IP as a SIP provider,
+;                                                   ; then call oneself, and get redirected to that
+;                                                   ; same location).
 
 ;[sip_proxy]
 ; For incoming calls only. Example: FWD (Free World Dialup)
author	tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>	2008-09-12 20:37:18 +0000
committer	tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>	2008-09-12 20:37:18 +0000
commit	3d74fe145cd118d1e92a9306dc15f32da3b91401 (patch)
tree	2f1e7e04964e16dc1ca328f9113917b28345b23a /configs
parent	d7fe1556d7d7afb6918941cc7c2f2d66887ecedf (diff)