|
@@ -14,11 +14,11 @@
|
|
|
# servers also share write-access to user location database (and
|
|
# servers also share write-access to user location database (and
|
|
|
# keeps a full cache of all usrloc entries synchronized using
|
|
# keeps a full cache of all usrloc entries synchronized using
|
|
|
# multicast).
|
|
# multicast).
|
|
|
-#
|
|
|
|
|
|
|
+#
|
|
|
# If you look for a simpler version with a lot less dependencies
|
|
# If you look for a simpler version with a lot less dependencies
|
|
|
# please refer to the ser-basic.cfg file in your SER distribution.
|
|
# please refer to the ser-basic.cfg file in your SER distribution.
|
|
|
#
|
|
#
|
|
|
-# Requirements:
|
|
|
|
|
|
|
+# Requirements:
|
|
|
# ---------------
|
|
# ---------------
|
|
|
# running DB, running RTP proxy, one public IP address
|
|
# running DB, running RTP proxy, one public IP address
|
|
|
# for SIP service, one private IP address for administrative purposes;
|
|
# for SIP service, one private IP address for administrative purposes;
|
|
@@ -72,7 +72,7 @@
|
|
|
# - AVP-based diversion for call-forwarding (as opposed to specialized
|
|
# - AVP-based diversion for call-forwarding (as opposed to specialized
|
|
|
# module)
|
|
# module)
|
|
|
# - add Date header in 200s to REGISTERs (to be packaged with NTP!)
|
|
# - add Date header in 200s to REGISTERs (to be packaged with NTP!)
|
|
|
-# * more security:
|
|
|
|
|
|
|
+# * more security:
|
|
|
# - pike/rate-limit
|
|
# - pike/rate-limit
|
|
|
# - identity
|
|
# - identity
|
|
|
# - TLS
|
|
# - TLS
|
|
@@ -86,16 +86,16 @@
|
|
|
# - dialog module for monitoring purposes
|
|
# - dialog module for monitoring purposes
|
|
|
# - more extensive logging using xlog (controlled by gflags/gAVPs)
|
|
# - more extensive logging using xlog (controlled by gflags/gAVPs)
|
|
|
# * leveraging 2.1 features:
|
|
# * leveraging 2.1 features:
|
|
|
-# - removal of private IP address (it takes a multicast-specific
|
|
|
|
|
|
|
+# - removal of private IP address (it takes a multicast-specific
|
|
|
# command which will allow OS to determine source IP address)
|
|
# command which will allow OS to determine source IP address)
|
|
|
-# - timer route:
|
|
|
|
|
|
|
+# - timer route:
|
|
|
# * don't use exec (it takes domain.reload as script command)
|
|
# * don't use exec (it takes domain.reload as script command)
|
|
|
-# * compare last-stored timestamp with current timestamp (it takes
|
|
|
|
|
|
|
+# * compare last-stored timestamp with current timestamp (it takes
|
|
|
# assignment of gAVPs)
|
|
# assignment of gAVPs)
|
|
|
# * check multicast REGISTERs for their TTL (this is a simple and
|
|
# * check multicast REGISTERs for their TTL (this is a simple and
|
|
|
# effective security check to prevent remote multicast messages
|
|
# effective security check to prevent remote multicast messages
|
|
|
# to damage our traffic)
|
|
# to damage our traffic)
|
|
|
-# - numerous fine-tuning parameters which are only available in 2.1
|
|
|
|
|
|
|
+# - numerous fine-tuning parameters which are only available in 2.1
|
|
|
# (mlock_pages, dns_try_naptr, etc.)
|
|
# (mlock_pages, dns_try_naptr, etc.)
|
|
|
# - better support for preloaded routes with domain name
|
|
# - better support for preloaded routes with domain name
|
|
|
#
|
|
#
|
|
@@ -104,7 +104,7 @@
|
|
|
# The script has been tested against security leaks, but it comes
|
|
# The script has been tested against security leaks, but it comes
|
|
|
# under terms of GPL "as is" without any warranties; better check
|
|
# under terms of GPL "as is" without any warranties; better check
|
|
|
# yourself that:
|
|
# yourself that:
|
|
|
-# - IP based authentication of PSTN gateway and multicast REGISTERs
|
|
|
|
|
|
|
+# - IP based authentication of PSTN gateway and multicast REGISTERs
|
|
|
# is compliant to your network setup and security policy.
|
|
# is compliant to your network setup and security policy.
|
|
|
# - Multiple gateway IPs can't be provisioned as security checks
|
|
# - Multiple gateway IPs can't be provisioned as security checks
|
|
|
# are applied only to one.
|
|
# are applied only to one.
|
|
@@ -174,7 +174,7 @@ real_time=7
|
|
|
# ------------------- DNS Parameters ----------------------------------------
|
|
# ------------------- DNS Parameters ----------------------------------------
|
|
|
# (see doc/dns.txt for more details)
|
|
# (see doc/dns.txt for more details)
|
|
|
#
|
|
#
|
|
|
-# minimum timeouts
|
|
|
|
|
|
|
+# minimum timeouts
|
|
|
dns_retr_time=1
|
|
dns_retr_time=1
|
|
|
dns_retr_no=1
|
|
dns_retr_no=1
|
|
|
dns_servers_no=1
|
|
dns_servers_no=1
|
|
@@ -204,7 +204,7 @@ use_dst_blacklist=on
|
|
|
dst_blacklist_mem=1024 # 1 MB
|
|
dst_blacklist_mem=1024 # 1 MB
|
|
|
dst_blacklist_expire=300 # blacklist default time
|
|
dst_blacklist_expire=300 # blacklist default time
|
|
|
dst_blacklist_gc_interval=150 # 2.5 min
|
|
dst_blacklist_gc_interval=150 # 2.5 min
|
|
|
-# for ser 2.1 to the above add tm blst_503* parameters and/or use the
|
|
|
|
|
|
|
+# for ser 2.1 to the above add tm blst_503* parameters and/or use the
|
|
|
# blst module (see NEWS)
|
|
# blst module (see NEWS)
|
|
|
|
|
|
|
|
# ------------------- TCP Parameters ----------------------------------------
|
|
# ------------------- TCP Parameters ----------------------------------------
|
|
@@ -229,7 +229,7 @@ session_timer.default = "1800" desc "default session interval (in s)"
|
|
|
#
|
|
#
|
|
|
session_timer.min_se = "90" desc "minimum session interval (in s)"
|
|
session_timer.min_se = "90" desc "minimum session interval (in s)"
|
|
|
|
|
|
|
|
-
|
|
|
|
|
|
|
+
|
|
|
# ------------------ Module Loading -----------------------------------------
|
|
# ------------------ Module Loading -----------------------------------------
|
|
|
|
|
|
|
|
loadpath "/usr/lib/ser/modules"
|
|
loadpath "/usr/lib/ser/modules"
|
|
@@ -1228,7 +1228,7 @@ route[SITE_SPECIFIC]
|
|
|
if (!$t.did) {
|
|
if (!$t.did) {
|
|
|
break;
|
|
break;
|
|
|
}
|
|
}
|
|
|
-
|
|
|
|
|
|
|
+
|
|
|
# Do site specific routing such as peering.
|
|
# Do site specific routing such as peering.
|
|
|
# For example:
|
|
# For example:
|
|
|
if (uri=~"^sip:000777") {
|
|
if (uri=~"^sip:000777") {
|
|
@@ -1411,12 +1411,12 @@ onsend_route
|
|
|
&& method != "ACK" && method != "CANCEL")
|
|
&& method != "ACK" && method != "CANCEL")
|
|
|
{
|
|
{
|
|
|
log(1, "ALERT: non authorized packet for PSTN, dropping...\n%mb\n");
|
|
log(1, "ALERT: non authorized packet for PSTN, dropping...\n%mb\n");
|
|
|
-
|
|
|
|
|
|
|
+
|
|
|
# You can't use advanced features from onsend_route.
|
|
# You can't use advanced features from onsend_route.
|
|
|
# xlog("L_ALERT", "non authorized packet for PSTN, dropping...\n%mb\n");
|
|
# xlog("L_ALERT", "non authorized packet for PSTN, dropping...\n%mb\n");
|
|
|
drop;
|
|
drop;
|
|
|
}
|
|
}
|
|
|
-
|
|
|
|
|
|
|
+
|
|
|
# RFC 1918 relay protection: Useful if SER is attached to an
|
|
# RFC 1918 relay protection: Useful if SER is attached to an
|
|
|
# administrative network using private IP address space and you
|
|
# administrative network using private IP address space and you
|
|
|
# wish to prevent UACs from relaying their packets there.
|
|
# wish to prevent UACs from relaying their packets there.
|
|
@@ -1452,7 +1452,7 @@ route[ON_1MIN_TIMER] {
|
|
|
#db_query("select value from global_attrs where name='domain_data_version' and type=0 and cast(value as integer) between date_part('epoch', now() - interval '120 seconds') and date_part('epoch', now())", "reload");
|
|
#db_query("select value from global_attrs where name='domain_data_version' and type=0 and cast(value as integer) between date_part('epoch', now() - interval '120 seconds') and date_part('epoch', now())", "reload");
|
|
|
if (@db.fetch.reload.count=="1") {
|
|
if (@db.fetch.reload.count=="1") {
|
|
|
# Domain reload only available as fifo command.
|
|
# Domain reload only available as fifo command.
|
|
|
- exec_msg("sercmd domain.reload");
|
|
|
|
|
|
|
+ exec_msg("sercmd domain.reload");
|
|
|
}
|
|
}
|
|
|
db_close("reload");
|
|
db_close("reload");
|
|
|
}
|
|
}
|
Alfred E. Heggestad