Kezdőlap Felfedezés Súgó
Bejelentkezés
Kamailio
/
kamailio
tükrözi: https://github.com/kamailio/kamailio.git
2
0
Másolás 0
Fájlok Problémák 0 Wiki
Forráskód Böngészése

private Contacts now allowed if request's source IP address private too
(local private phone can now register)

Jiri Kuthan 23 éve
szülő
5b532c7fdd
commit
436fecd7a5
1 módosított fájl, 19 hozzáadás és 8 törlés
Osztott Nézet Diff Statisztika Mutatása
  1. 19 8
      etc/iptel.cfg

+ 19 - 8
etc/iptel.cfg
Fájl Megtekintése 

@@ -10,11 +10,13 @@ debug=3
 
 fork=yes
 
 port=5060
 
 log_stderror=no
 
-memlog=3
 
+memlog=4
 
+
 
+listen=195.37.77.101
 
 
 # uncomment to override config values for test 
 /*
 
-debug=3             # debug level (cmd line: -ddd)
 
+debug=4             # debug level (cmd line: -ddd)
 
 fork=no
 
 port=5068
 
 log_stderror=yes	# (cmd line: -E)
 
@@ -31,8 +33,8 @@ fifo="/tmp/ser_fifo"
 
 
 # ------------------ module loading ----------------------------------
 
 
-loadmodule "../new_ser/modules/sl/sl.so"
 
 loadmodule "../new_ser/modules/tm/tm.so"
 
+loadmodule "../new_ser/modules/sl/sl.so"
 
 loadmodule "../new_ser/modules/acc/acc.so"
 
 loadmodule "../new_ser/modules/rr/rr.so"
 
 loadmodule "../new_ser/modules/maxfwd/maxfwd.so"
 
@@ -111,7 +113,9 @@ route{
 
 		# allow RR-ed requests, as these may indicate that
 
 		# a NAT-enabled proxy takes care of it; unless it is
 
 		# a REGISTER
 
-		if (method=="REGISTER" || ! search("^Record-Route:")) {
 
+		if ((method=="REGISTER" || ! search("^Record-Route:")) 
+					&& !( src_ip==192.168.0.0/16 ||
 
+						src_ip==10.0.0.0/8 || src_ip==172.16.0.0/12 )) {
 
 			log("LOG: Someone trying to register from private IP again\n");
 
 			sl_send_reply("479", "We dont accept private IP contacts" );
 
 			break;
 
@@ -130,10 +134,12 @@ route{
 
 
 
 	/* IM gateway diversions */
 
-	if (uri=~"sip:.*@icq\.iptel\.org"
 
-			| uri=~"sip:.*@msn\.iptel\.org"
 
-			| uri=~"sip:.*@aim\.iptel\.org"
 
-			| uri=~"sip:.*@yahoo\.iptel\.org" ) {
 
+	if (search("[\n\r]((To)|t):.*@icq\.iptel\.org")
 
+	| search("[\n\r]((To)|t):.*@msn\.iptel\.org")
 
+	| search("[\n\r]((To)|t):.*@aim\.iptel\.org")
 
+	| search("[\n\r]((To)|t):.*@yahoo\.iptel\.org")
 
+	| search("[\n\r]((To)|t):.*@jabber\.iptel\.org") )
 
+	{
 
 		append_hf("P-hint: IMGW\r\n");
 
 		if (!t_relay_to("195.37.77.100", "5070")) {
 
 			sl_reply_error();
 
@@ -210,6 +216,11 @@ route{
 
 			sl_send_reply("476", "No Server Address in Contacts Allowed" );
 
 			break;
 
 		};
 
+		if (search("^(Contact|m): .*195\.37\.77\.110")) {
 
+			log(1, "LOG: alert: protected contacts\n");
 
+			sl_send_reply("476", "No Server Address in Contacts Allowed" );
 
+			break;
 
+		};
 
 
 		# prohibit attempts to grab someone else's To address 
 		# using  valid credentials; the only exception is the user