[asterisk-users] Unregistred users can pass calls, peer being static

Administrator TOOTAI admin at tootai.net
Wed Jan 27 17:49:11 CST 2010


Hi Kevin

Kevin P. Fleming wrote:
> [...]
> This conversation brings to mind two possible ways we could improve
> Asterisk to help users from falling into this trap:
>
> 1) When a sip.conf entry is defined as 'type=friend' *and* has a
> specific host IP address (not dynamic), we could just ignore the 'user'
> part and create only the 'peer' part. This would result in incoming
> calls being matched by IP address instead of username, which is likely
> what the administrator wants anyway.
>
> 2) Alternatively, if people really do want both the 'user' and 'peer'
> objects to exist, then we could automatically put an ACL on the 'user'
> object that restricts access to it to only the defined IP address.
>
> This also could apply to dynamic hosts, but only those that are defined
> without a secret (no authentication required), which seems like a
> terrible configuration and we don't really need to do anything to make
> it work 'better' :-)
>   
#1 sounds great to me. I don't know about others, but for us SIP EPs are 
mainly set as user host=dynamic+secret or host=IP address, meaning 
permit only this IP.

Another solution would be, in the case of host=IP address, to set permit=IP 
address/32 deny=0.0.0.0/0.0.0.0 if those parameters are *not* present.

All of those solutions are compatible with the fact that information 
should be given if the case appears.

-- 
Daniel
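
An added example, not part of the original message and not Asterisk code: a small audit script that flags the sip.conf entries this thread is about (type=friend with a static host and no permit/deny, and dynamic hosts with no secret). The sample configuration is constructed, the function names are hypothetical, and template inheritance is not resolved.

```python
import re

# Constructed sample sip.conf; section names, addresses and secrets are made up.
SAMPLE_SIP_CONF = """\
[general]
bindport=5060
[trunk-a]        ; static friend, no ACL: the case discussed in this thread
type=friend
host=192.0.2.10
secret=s3cret
[trunk-b]        ; static friend already restricted to its own address
type=friend
host=192.0.2.20
deny=0.0.0.0/0.0.0.0
permit=192.0.2.20/32
[phone-1]        ; dynamic friend with no secret
type=friend
host=dynamic
[phone-2]        ; dynamic friend that must authenticate
type=friend
host=dynamic
secret=another
"""

def parse_sections(text):
    """Return {section: {key: last value}}; templates are not resolved."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop ';' comments
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit(text):
    """Return {section: finding} for type=friend entries open to the problem."""
    findings = {}
    for name, opts in parse_sections(text).items():
        host = opts.get("host", "")
        if opts.get("type", "").lower() != "friend" or not host:
            continue
        if host.lower() == "dynamic":
            if not (opts.get("secret") or opts.get("md5secret")):
                findings[name] = "dynamic host without secret"
        elif not ("permit" in opts and "deny" in opts):
            is_ip = re.fullmatch(r"\d+(\.\d+){3}", host)  # suggest an ACL only for a literal IPv4 host
            findings[name] = "static host without permit/deny" + (
                f": add deny=0.0.0.0/0.0.0.0 permit={host}/32" if is_ip else "")
    return findings
```

Calling `audit()` on the contents of a real sip.conf returns one finding per affected section; the suggested ACL is the permit/deny pair proposed in the message above, written deny first.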


