CCing user's list On Fri, May 18, 2012 at 6:57 AM, Michael Picher <[email protected]> wrote: > Some notes on 4.5.2 firewall settings... > > For server groups - can you set up subnets in there? if so, this should be > labeled 'networks'. i.e., it should be able to accept for instance, > 192.168.20.5, 172.16.1.0/24, 10.0.0.0/8
yes, although it's not mentioned on page nor are the field validators in place. can you create a bug for 4.6? > What does 'Prioritize' mean? For QoS an admin would typically setup DSCP or > CoS values. This should be configurable in Settings section. Also, > typically you'd want to prioritize SIP signaling traffic different from RTP > (voice) traffic. So, maybe something like what you did for Server Group so > that the admin could configure different values for different types of > traffic. yes, fairly limited, it just adds this to iptables mangle table -j DSCP --set-dscp-class EF by default, i only prioritize RTP. > Also, there should probably be a way to add custom services... ...or at least a way to custom the final iptables config file. It might be simple "include this iptable fragment" in final config. Tony and others have already requested this is important. > Maybe I'm asking too much for a first pass... as long as we prioritize accordingly, we can do what we can. Considering firewall was only added to 4.6 so we protect mongo, any bonus features probably wouldn't make it in 4.6 _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
