Dmitriy Serov wrote:
Hello.
And Sorry for my english :)
https://issues.asterisk.org/jira/browse/ASTERISK-24890
I continue to migrate from asterisk 11 to 13.2 and continues to face
problems of compatibility.
chan_sip has a very good ability to limit registration for a particular
PEER to the specified set of IP addresses. I have not found such an
opportunity in res_pjsip.
ACL offers only limit of the IP packet or contact without being tied to
a particular endpoint. Because registration restrictions by IP require
only part of endpoints, then using version 13.2 all registrations are
unprotected, insecure.
I propose to implement an option to specify the endpoint in ACL section.
I think from a user perspective the nicest way is to just specify a list
of ACLs on the endpoint itself. Specifying endpoints in the ACLs is
cumbersome and doesn't feel right. It would also be hard to maintain.
From an implementation perspective it's not hard. Allow ACLs to be
specified on the endpoint. This can be a vector of strings. In
res_pjsip_acl check the endpoint for ACLs and enforce their
restrictions. If no ACLs are present on the endpoint enforce the global
ACLs.
Cheers,
--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
