[asterisk-bugs] [Asterisk 0012005]: [patch] SIP INVITES authorization from multiple IP addresses
Asterisk Bug Tracker
noreply at bugs.digium.com
Sat Dec 6 16:45:42 CST 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=12005
======================================================================
Reported By: fkasumovic
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 12005
Category: Channels/chan_sip/NewFeature
Reproducibility: always
Severity: feature
Priority: normal
Status: feedback
Asterisk Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!): 103307
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2008-02-15 10:23 CST
Last Modified: 2008-12-06 16:45 CST
======================================================================
Summary: [patch] SIP INVITES authorization from multiple IP
addresses
Description:
In current implementation, SIP INVITES are authorized either per username
or per single IP address. Many providers send SIP INVITEs from multiple C
classes and therefore it is very hard (if not impossible) to configure that
via SIP peers.
The only workaround is combination of [general] context and iptables.
Here is a patch that provides such functionality. SIP peer has to be
configured as type=peer, insecure=invite (or insecure=very) with defined
permit/deny rules:
[provider]
type=peer
insecure=very
deny=0.0.0.0/0.0.0.0
permit=10.2.1.0/255.255.255.0
permit=192.168.0.0/255.255.0.0
This is almost identical as to how permit/deny rules work for SIP REGISTER
packets.
======================================================================
----------------------------------------------------------------------
(0095929) diegoviola (reporter) - 2008-12-06 16:45
http://bugs.digium.com/view.php?id=12005#c95929
----------------------------------------------------------------------
Just use FreeSWITCH, it's a lot better.
Asterisk is worthless and broken software.
Issue History
Date Modified Username Field Change
======================================================================
2008-12-06 16:45 diegoviola Note Added: 0095929
======================================================================
More information about the asterisk-bugs
mailing list