23 سال پیش · 436fecd7a5
--- a/etc/iptel.cfg
+++ b/etc/iptel.cfg
@@ -10,11 +10,13 @@ debug=3
 
				 fork=yes
			
 
				 port=5060
			
 
				 log_stderror=no
			
 
				-memlog=3
			
 
				+memlog=4
			
 
				+
			
 
				+listen=195.37.77.101
			
 
				 
			
 
				 # uncomment to override config values for test 
			
 
				 /*
			
 
				-debug=3             # debug level (cmd line: -ddd)
			
 
				+debug=4             # debug level (cmd line: -ddd)
			
 
				 fork=no
			
 
				 port=5068
			
 
				 log_stderror=yes	# (cmd line: -E)
			
@@ -31,8 +33,8 @@ fifo="/tmp/ser_fifo"
 
				 
			
 
				 # ------------------ module loading ----------------------------------
			
 
				 
			
 
				-loadmodule "../new_ser/modules/sl/sl.so"
			
 
				 loadmodule "../new_ser/modules/tm/tm.so"
			
 
				+loadmodule "../new_ser/modules/sl/sl.so"
			
 
				 loadmodule "../new_ser/modules/acc/acc.so"
			
 
				 loadmodule "../new_ser/modules/rr/rr.so"
			
 
				 loadmodule "../new_ser/modules/maxfwd/maxfwd.so"
			
@@ -111,7 +113,9 @@ route{
 
				 		# allow RR-ed requests, as these may indicate that
			
 
				 		# a NAT-enabled proxy takes care of it; unless it is
			
 
				 		# a REGISTER
			
 
				-		if (method=="REGISTER" || ! search("^Record-Route:")) {
			
 
				+		if ((method=="REGISTER" || ! search("^Record-Route:")) 
			
 
				+					&& !( src_ip==192.168.0.0/16 ||
			
 
				+						src_ip==10.0.0.0/8 || src_ip==172.16.0.0/12 )) {
			
 
				 			log("LOG: Someone trying to register from private IP again\n");
			
 
				 			sl_send_reply("479", "We dont accept private IP contacts" );
			
 
				 			break;
			
@@ -130,10 +134,12 @@ route{
 
				 
			
 
				 
			
 
				 	/* IM gateway diversions */
			
 
				-	if (uri=~"sip:.*@icq\.iptel\.org"
			
 
				-			| uri=~"sip:.*@msn\.iptel\.org"
			
 
				-			| uri=~"sip:.*@aim\.iptel\.org"
			
 
				-			| uri=~"sip:.*@yahoo\.iptel\.org" ) {
			
 
				+	if (search("[\n\r]((To)|t):.*@icq\.iptel\.org")
			
 
				+	| search("[\n\r]((To)|t):.*@msn\.iptel\.org")
			
 
				+	| search("[\n\r]((To)|t):.*@aim\.iptel\.org")
			
 
				+	| search("[\n\r]((To)|t):.*@yahoo\.iptel\.org")
			
 
				+	| search("[\n\r]((To)|t):.*@jabber\.iptel\.org") )
			
 
				+	{
			
 
				 		append_hf("P-hint: IMGW\r\n");
			
 
				 		if (!t_relay_to("195.37.77.100", "5070")) {
			
 
				 			sl_reply_error();
			
@@ -210,6 +216,11 @@ route{
 
				 			sl_send_reply("476", "No Server Address in Contacts Allowed" );
			
 
				 			break;
			
 
				 		};
			
 
				+		if (search("^(Contact|m): .*195\.37\.77\.110")) {
			
 
				+			log(1, "LOG: alert: protected contacts\n");
			
 
				+			sl_send_reply("476", "No Server Address in Contacts Allowed" );
			
 
				+			break;
			
 
				+		};
			
 
				 
			
 
				 		# prohibit attempts to grab someone else's To address 
			
 
				 		# using  valid credentials; the only exception is the user