|
|
@@ -10,11 +10,13 @@ debug=3
|
|
|
fork=yes
|
|
|
port=5060
|
|
|
log_stderror=no
|
|
|
-memlog=3
|
|
|
+memlog=4
|
|
|
+
|
|
|
+listen=195.37.77.101
|
|
|
|
|
|
# uncomment to override config values for test
|
|
|
/*
|
|
|
-debug=3 # debug level (cmd line: -ddd)
|
|
|
+debug=4 # debug level (cmd line: -ddd)
|
|
|
fork=no
|
|
|
port=5068
|
|
|
log_stderror=yes # (cmd line: -E)
|
|
|
@@ -31,8 +33,8 @@ fifo="/tmp/ser_fifo"
|
|
|
|
|
|
# ------------------ module loading ----------------------------------
|
|
|
|
|
|
-loadmodule "../new_ser/modules/sl/sl.so"
|
|
|
loadmodule "../new_ser/modules/tm/tm.so"
|
|
|
+loadmodule "../new_ser/modules/sl/sl.so"
|
|
|
loadmodule "../new_ser/modules/acc/acc.so"
|
|
|
loadmodule "../new_ser/modules/rr/rr.so"
|
|
|
loadmodule "../new_ser/modules/maxfwd/maxfwd.so"
|
|
|
@@ -111,7 +113,9 @@ route{
|
|
|
# allow RR-ed requests, as these may indicate that
|
|
|
# a NAT-enabled proxy takes care of it; unless it is
|
|
|
# a REGISTER
|
|
|
- if (method=="REGISTER" || ! search("^Record-Route:")) {
|
|
|
+ if ((method=="REGISTER" || ! search("^Record-Route:"))
|
|
|
+ && !( src_ip==192.168.0.0/16 ||
|
|
|
+ src_ip==10.0.0.0/8 || src_ip==172.16.0.0/12 )) {
|
|
|
log("LOG: Someone trying to register from private IP again\n");
|
|
|
sl_send_reply("479", "We dont accept private IP contacts" );
|
|
|
break;
|
|
|
@@ -130,10 +134,12 @@ route{
|
|
|
|
|
|
|
|
|
/* IM gateway diversions */
|
|
|
- if (uri=~"sip:.*@icq\.iptel\.org"
|
|
|
- | uri=~"sip:.*@msn\.iptel\.org"
|
|
|
- | uri=~"sip:.*@aim\.iptel\.org"
|
|
|
- | uri=~"sip:.*@yahoo\.iptel\.org" ) {
|
|
|
+ if (search("[\n\r]((To)|t):.*@icq\.iptel\.org")
|
|
|
+ | search("[\n\r]((To)|t):.*@msn\.iptel\.org")
|
|
|
+ | search("[\n\r]((To)|t):.*@aim\.iptel\.org")
|
|
|
+ | search("[\n\r]((To)|t):.*@yahoo\.iptel\.org")
|
|
|
+ | search("[\n\r]((To)|t):.*@jabber\.iptel\.org") )
|
|
|
+ {
|
|
|
append_hf("P-hint: IMGW\r\n");
|
|
|
if (!t_relay_to("195.37.77.100", "5070")) {
|
|
|
sl_reply_error();
|
|
|
@@ -210,6 +216,11 @@ route{
|
|
|
sl_send_reply("476", "No Server Address in Contacts Allowed" );
|
|
|
break;
|
|
|
};
|
|
|
+ if (search("^(Contact|m): .*195\.37\.77\.110")) {
|
|
|
+ log(1, "LOG: alert: protected contacts\n");
|
|
|
+ sl_send_reply("476", "No Server Address in Contacts Allowed" );
|
|
|
+ break;
|
|
|
+ };
|
|
|
|
|
|
# prohibit attempts to grab someone else's To address
|
|
|
# using valid credentials; the only exception is the user
|
Jiri Kuthan