[asterisk-bugs] [Asterisk 0012005]: [patch] SIP INVITES authorization from multiple IP addresses

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Jan 29 07:26:55 CST 2009 

The following issue has been UPDATED. 
====================================================================== 
http://bugs.digium.com/view.php?id=12005 
====================================================================== 
Reported By:                fkasumovic
Assigned To:                oej
====================================================================== 
Project:                    Asterisk
Issue ID:                   12005
Category:                   Channels/chan_sip/NewFeature
Reproducibility:            always
Severity:                   feature
Priority:                   normal
Status:                     closed
Asterisk Version:           SVN 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 103307 
Request Review:              
Resolution:                 suspended
Fixed in Version:           
====================================================================== 
Date Submitted:             2008-02-15 10:23 CST
Last Modified:              2009-01-29 07:26 CST
====================================================================== 
Summary:                    [patch] SIP INVITES authorization from multiple IP
addresses
Description: 
In current implementation, SIP INVITES are authorized either per username
or per single IP address. Many providers send SIP INVITEs from multiple C
classes and therefore it is very hard (if not impossible) to configure that
via SIP peers.

The only workaround is combination of [general] context and iptables.

Here is a patch that provides such functionality. SIP peer has to be
configured as type=peer, insecure=invite (or insecure=very) with defined
permit/deny rules:

[provider]
type=peer
insecure=very
deny=0.0.0.0/0.0.0.0
permit=10.2.1.0/255.255.255.0
permit=192.168.0.0/255.255.0.0

This is almost identical as to how permit/deny rules work for SIP REGISTER
packets.
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-01-29 07:26 oej            Status                   resolved => closed  
======================================================================

More information about the asterisk-bugs mailing list