Merged revisions 142866 via svnmerge from

https://origsvn.digium.com/svn/asterisk/trunk ................ r142866 | tilghman | 2008-09-12 15:49:46 -0500 (Fri, 12 Sep 2008) | 18 lines Merged revisions 142865 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r142865 | tilghman | 2008-09-12 15:37:18 -0500 (Fri, 12 Sep 2008) | 11 lines Create rules for disallowing contacts at certain addresses, which may improve the security of various installations. As this does not change any default behavior, it is not classified as a direct security fix for anything within Asterisk, but may help PBX admins better secure their SIP servers. (closes issue #11776) Reported by: ibc Patches: 20080829__bug11776.diff.txt uploaded by Corydon76 (license 14) Tested by: Corydon76, blitzrage ........ ................ git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.1@142868 f38db490-d61c-443f-a65b-d21fe96a405b
author: tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> 2008-09-12 20:52:10 +0000
committer: tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> 2008-09-12 20:52:10 +0000
commit: 9240d9d28db9615c125eb3e7557311d0cb4e5f63 (patch)
tree: 41fa7681679e0c43d0aab747e879a520c1f320f7 /configs
parent: 1ed9576b5ac8af5c3b4b7162a9e2422204409582 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample
index a1cb47958..a7293b239 100644
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@@ -249,6 +249,16 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
                                 ; your localnet setting. Unless you have some sort of strange network
                                 ; setup you will not need to enable this.
 
+;dynamic_exclude_static = yes   ; Disallow all dynamic hosts from registering
+                                ; as any IP address used for staticly defined
+                                ; hosts.  This helps avoid the configuration
+                                ; error of allowing your users to register at
+                                ; the same address as a SIP provider.
+
+;contactdeny=0.0.0.0/0.0.0.0           ; Use contactpermit and contactdeny to
+;contactpermit=172.16.0.0/255.255.0.0  ; restrict at what IPs your users may
+                                       ; register their phones.
+
 ;
 ; If regcontext is specified, Asterisk will dynamically create and destroy a
 ; NoOp priority 1 extension for a given peer who registers or unregisters with
@@ -746,6 +756,10 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
 ;                             timerb
 ;                             qualifyfreq
 ;                             t38pt_usertpsource
+;                             contactpermit         ; Limit what a host may register as (a neat trick
+;                             contactdeny           ; is to register at the same IP as a SIP provider,
+;                                                   ; then call oneself, and get redirected to that
+;                                                   ; same location).
 
 ;[sip_proxy]
 ; For incoming calls only. Example: FWD (Free World Dialup)
author	tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>	2008-09-12 20:52:10 +0000
committer	tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>	2008-09-12 20:52:10 +0000
commit	9240d9d28db9615c125eb3e7557311d0cb4e5f63 (patch)
tree	41fa7681679e0c43d0aab747e879a520c1f320f7 /configs
parent	1ed9576b5ac8af5c3b4b7162a9e2422204409582 (diff)