Hi Kevin Kevin P. Fleming a écrit : > [...] > This conversation brings to mind two possible ways we could improve > Asterisk to help users from falling into this trap: > > 1) When a sip.conf entry is defined as 'type=friend' *and* has a > specific host IP address (not dynamic), we could just ignore the 'user' > part and create only the 'peer' part. This would result in incoming > calls being matched by IP address instead of username, which is likely > what the administrator wants anyway. > > 2) Alternatively, if people really do want both the 'user' and 'peer' > objects to exist, then we could automatically put an ACL on the 'user' > object that restricts access to it to only the defined IP address. > > This also could apply to dynamic hosts, but only those that are defined > without a secret (no authentication required), which seems like a > terrible configuration and we don't really need to do anything to make > it work 'better' :-) > #1 sounds great for me. Don't know for others but for us SIP EP are mainly setted as user host=dynamic+secret or host=IP address meaning permit only this IP.
Other solution would be -in case of host=IP address- to set permit=IP address/32 deny=0.0.0.0/0.0.0.0 if those parameters are *not* present All of those solution are compatible with the fact that information should be given if the case appear. -- Daniel -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
