[asterisk-bugs] [JIRA] (ASTERISK-24890) res_pjsip_acl: ACL for the endpoint

Dmitriy Serov (JIRA) noreply at issues.asterisk.org
Tue Mar 17 02:53:34 CDT 2015 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-24890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=225481#comment-225481 ] 

Dmitriy Serov edited comment on ASTERISK-24890 at 3/17/15 2:53 AM:
-------------------------------------------------------------------

Studying the implementation of res_pjsip_acl and chan_sip come to the conclusion that it is much easier to do new named option "acl" in the endpoint section.
If the reference to the ACL from acl.conf, it will cost a few lines of code. Use of named ACL from pjsip.conf unchanged impossible, since they will block the registration other endpoint.


was (Author: demon):
Studying and implementing res_pjsip_acl and chan_sip come to the conclusion that it is much easier to do new named option "acl" in the endpoint section.
If the reference to the ACL from acl.conf, it will cost a few lines of code. Use of named ACL from pjsip.conf unchanged impossible, since they will block the registration other endpoint.

> res_pjsip_acl: ACL for the endpoint
> -----------------------------------
>
>                 Key: ASTERISK-24890
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24890
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Resources/res_pjsip_acl
>    Affects Versions: 13.2.0
>            Reporter: Dmitriy Serov
>              Labels: Security
>
> I continue to migrate from asterisk 11 to 13.2  and continues to face problems of compatibility.
> chan_sip has a very good ability to limit registration for a particular PEER to the specified set of IP addresses. I have not found such an opportunity in res_pjsip.
> ACL offers only limit of the IP packet or contact without being tied to a particular endpoint. Because registration restrictions by IP require only part of endpoints, then using version 13.2 all registrations are unprotected, insecure.
> I propose to implement an option to specify the endpoint in ACL section.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list