Merged revisions 142865 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r142865 | tilghman | 2008-09-12 15:37:18 -0500 (Fri, 12 Sep 2008) | 11 lines Create rules for disallowing contacts at certain addresses, which may improve the security of various installations. As this does not change any default behavior, it is not classified as a direct security fix for anything within Asterisk, but may help PBX admins better secure their SIP servers. (closes issue #11776) Reported by: ibc Patches: 20080829__bug11776.diff.txt uploaded by Corydon76 (license 14) Tested by: Corydon76, blitzrage ........ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@142866 65c4cc65-6c06-0410-ace0-fbb531ad65f3
author: Tilghman Lesher <tilghman@meg.abyt.es> 2008-09-12 20:49:46 +0000
committer: Tilghman Lesher <tilghman@meg.abyt.es> 2008-09-12 20:49:46 +0000
commit: aada13230f17327e5ae12778287267b10a61caf3 (patch)
tree: 7dde22f797bcb7e13f792c2a412e03c9fcdb6cf9 /configs
parent: 1b7be8fafcd403c374bee5496c689a7b6a0b2a0e (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample
index a1cb47958..a7293b239 100644
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@@ -249,6 +249,16 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
                                 ; your localnet setting. Unless you have some sort of strange network
                                 ; setup you will not need to enable this.
 
+;dynamic_exclude_static = yes   ; Disallow all dynamic hosts from registering
+                                ; as any IP address used for staticly defined
+                                ; hosts.  This helps avoid the configuration
+                                ; error of allowing your users to register at
+                                ; the same address as a SIP provider.
+
+;contactdeny=0.0.0.0/0.0.0.0           ; Use contactpermit and contactdeny to
+;contactpermit=172.16.0.0/255.255.0.0  ; restrict at what IPs your users may
+                                       ; register their phones.
+
 ;
 ; If regcontext is specified, Asterisk will dynamically create and destroy a
 ; NoOp priority 1 extension for a given peer who registers or unregisters with
@@ -746,6 +756,10 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
 ;                             timerb
 ;                             qualifyfreq
 ;                             t38pt_usertpsource
+;                             contactpermit         ; Limit what a host may register as (a neat trick
+;                             contactdeny           ; is to register at the same IP as a SIP provider,
+;                                                   ; then call oneself, and get redirected to that
+;                                                   ; same location).
 
 ;[sip_proxy]
 ; For incoming calls only. Example: FWD (Free World Dialup)
author	Tilghman Lesher <tilghman@meg.abyt.es>	2008-09-12 20:49:46 +0000
committer	Tilghman Lesher <tilghman@meg.abyt.es>	2008-09-12 20:49:46 +0000
commit	aada13230f17327e5ae12778287267b10a61caf3 (patch)
tree	7dde22f797bcb7e13f792c2a412e03c9fcdb6cf9 /configs
parent	1b7be8fafcd403c374bee5496c689a7b6a0b2a0e (diff)