[asterisk-users] additional range parameter for sip peer

[Thomas Rechberger]

Am 29.03.2014 11:12, schrieb Thomas Rechberger:
> Many ITSP are using loadbalancers, so if somebody registers on a sip
> peer with specific dns host, an incoming call may be received from a
> different ip and the host value in peer section doesnt match, so it will
> go to default context.
>
> For example Telekom or 1&1, biggest providers in Germany are using too
> many different addresses that its not practical to define them all (up
> to 50 hosts and they still add!), as this will also generate too much
> traffic (especially with qualify and multiple registrations) and they
> may even lock you out as untrusted, which may even result in that they
> will block asterisk permanently for everybody. Thats not really desirable.
>
> I think its also not recommended in terms of security to use default
> context with allowguest=yes and sort the incoming calls by header,
> because this can be faked easily.
>
>  From my understanding the permit/deny parameters are only used for
> incoming calls if host is set to dynamic and then there will be no
> outgoing registration to remote peer possible. permit/deny is used for
> access, not for matching.
>
> How about an additional parameter where an range of ip addresses can be
> defined in peer section, which will be used for matching calls?
>
> hostmatchrange=x.x.x.x/24
>
>

anyone here?
What do you think about using permit/deny for host matching?