[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default

Olle E. Johansson oej at edvina.net
Tue Nov 17 14:55:50 CST 2009


On 17 Nov 2009, at 21:38, Tzafrir Cohen wrote:

> On Wed, Nov 18, 2009 at 08:07:20AM +1300, Alec Davis wrote:
>> I've been pondering what has been suggested in this email since I sent the
>> original request for discussion.
>> 
>> The idea is to default 'allowguest' to 'local' using the following.
>> 
>> 'allowguest=local'
>> 	only computers on the same subnet as asterisk, 'That magic moment is
>> still preserved when first connecting to asterisk.
> 
This is becoming too complicated to be a simple security protection.

I still think we should separate incoming context for guests and the one we use as a default for devices, then let the dialplan control what services we provide to anyone. That the default context configuration in sip.conf is used in two ways is confusing and may lead to problems. 

That new config in combination with allowguest yes/no is enough.
/O
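
The overlap described in this message, shown as an added example that is not part of the message or of the Asterisk source: a small audit that reports which devices in a sip.conf fall back to the same `[general]` context that unauthenticated guests land in. The sample file is constructed, the parser ignores templates and `#include`, and the `context=default` fallback is an assumption about chan_sip defaults.

```python
import re

# Constructed sample sip.conf, not taken from the thread.
SAMPLE = """\
[general]
context=internal      ; doubles as guest context and device default
;allowguest=no        ; commented out, so the default (yes) applies

[phone1]
type=friend
host=dynamic

[phone2]
type=friend
host=dynamic
context=sales
"""

FALSE_VALUES = ("no", "false", "n", "f", "0", "off")

def parse(text):
    """Return {section: {key: value}} for a simple sip.conf (no templates, no #include)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        if not line:
            continue
        m = re.match(r"\[([^\]]+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)      # also accepts 'key => value'
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections

def audit(text):
    """Report whether guests and context-less devices share one dialplan context."""
    conf = parse(text)
    general = conf.get("general", {})
    # Assumption: allowguest defaults to yes and context to 'default' when unset.
    guests = general.get("allowguest", "yes").lower() not in FALSE_VALUES
    context = general.get("context", "default")
    inheriting = sorted(name for name, opts in conf.items()
                        if name != "general" and "type" in opts and "context" not in opts)
    return {"guests_allowed": guests, "guest_context": context,
            "devices_sharing_context": inheriting if guests else []}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any device listed under `devices_sharing_context` reaches exactly the dialplan entries an anonymous caller reaches, so whatever that context exposes should be limited to what guests may use.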

