From ee19f7eb80e494a10d82a3331f1fbe3ab2756341 Mon Sep 17 00:00:00 2001
From: tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>
Date: Fri, 12 Sep 2008 20:51:26 +0000
Subject: Merged revisions 142866 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/trunk

................
  r142866 | tilghman | 2008-09-12 15:49:46 -0500 (Fri, 12 Sep 2008) | 18 lines

  Merged revisions 142865 via svnmerge from
  https://origsvn.digium.com/svn/asterisk/branches/1.4

  ........
    r142865 | tilghman | 2008-09-12 15:37:18 -0500 (Fri, 12 Sep 2008) | 11 lines

    Create rules for disallowing contacts at certain addresses, which may
    improve the security of various installations.  As this does not change
    any default behavior, it is not classified as a direct security fix for
    anything within Asterisk, but may help PBX admins better secure their
    SIP servers.
    (closes issue #11776)
     Reported by: ibc
     Patches:
           20080829__bug11776.diff.txt uploaded by Corydon76 (license 14)
     Tested by: Corydon76, blitzrage
  ........
................


git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.0@142867 f38db490-d61c-443f-a65b-d21fe96a405b
---
 configs/sip.conf.sample | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'configs')

diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample
index c823f4111..03206f0b9 100644
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@@ -238,6 +238,16 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
                                 ; your localnet setting. Unless you have some sort of strange network
                                 ; setup you will not need to enable this.
 
+;dynamic_exclude_static = yes   ; Disallow all dynamic hosts from registering
+                                ; as any IP address used for staticly defined
+                                ; hosts.  This helps avoid the configuration
+                                ; error of allowing your users to register at
+                                ; the same address as a SIP provider.
+
+;contactdeny=0.0.0.0/0.0.0.0           ; Use contactpermit and contactdeny to
+;contactpermit=172.16.0.0/255.255.0.0  ; restrict at what IPs your users may
+                                       ; register their phones.
+
 ;
 ; If regcontext is specified, Asterisk will dynamically create and destroy a
 ; NoOp priority 1 extension for a given peer who registers or unregisters with
@@ -721,6 +731,10 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
 ;                             timerb
 ;                             qualifyfreq
 ;                             t38pt_usertpsource
+;                             contactpermit         ; Limit what a host may register as (a neat trick
+;                             contactdeny           ; is to register at the same IP as a SIP provider,
+;                                                   ; then call oneself, and get redirected to that
+;                                                   ; same location).
 
 ;[sip_proxy]
 ; For incoming calls only. Example: FWD (Free World Dialup)
-- 
cgit v1.2.3