+1 on per-user IP restrictions. There's no way to achieve that with a firewall.
Regards, Alex On Wed, Jul 7, 2010 at 10:16 AM, Konstantin Vayner <[email protected]>wrote: > @Nikos > By the way, i think ip restriction on per- sendsms-user is lacking... *adds > to wishlist* > So it's also doubtful point to compare with ;-) > > @Rene > I'm +1 on ip restriction per user, anyway ;-) > > 2010/7/7 Nikos Balkanas <[email protected]> > > Well, I mentioned that sendsms-user, the only other real SMS pushing >> analogue is using authentication, without IP filters. Box connections, use >> only filters without any authentication, and the only exception is HTTP >> admin, which has some serious security issues. But these are not related to >> SMS submission. You have to also account for dynamic IPs. >> >> You don't really need connections per user. These make sense for addresses >> that change a lot (dynamic IPs) for services that require frequent >> reconnections. These are business connections that stay on all the time, >> without any chance for one user to reuse another's address. It would make >> more sense to limit number of active sessions/user. >> >> I guess it doesn't hurt to implement. However, there are so many thngs to >> do in smppbox, is that really a priority? >> >> >> BR, >> Nikos >> ----- Original Message ----- From: "Rene Kluwen" <[email protected]> >> To: "'Rene Kluwen'" <[email protected]>; "'Nikos Balkanas'" < >> [email protected]>; "'ishagh ouldbah'" <[email protected]>; < >> [email protected]> >> Sent: Wednesday, July 07, 2010 3:59 AM >> >> Subject: RE: smpp restrict connection to a specific client >> >> >> Also it will allow ip connections on a per-user level. >>> Something that cannot be done with external firewall hardware or >>> software. >>> >>> -----Original Message----- >>> From: [email protected] [mailto:[email protected]] On >>> Behalf >>> Of Rene Kluwen >>> Sent: woensdag 7 juli 2010 2:23 >>> To: 'Nikos Balkanas'; 'ishagh ouldbah'; [email protected] >>> Subject: RE: smpp restrict connection to a specific client >>> >>> I agree that this kind of stuff is better arranged by real firewall >>> software. >>> But in Kannel we have connect-allow-ip c.s. right? So I don't see it is >>> contrary to Kannel philosophy. >>> >>> == Rene >>> >>> -----Original Message----- >>> From: Nikos Balkanas [mailto:[email protected]] >>> Sent: woensdag 7 juli 2010 1:56 >>> To: Rene Kluwen; 'ishagh ouldbah'; [email protected] >>> Subject: Re: smpp restrict connection to a specific client >>> >>> I wouldn't recommend it. It is contrary to kannel philosophy (vis a vis >>> sendsms-user). Besides there is better external software for this and >>> anyone >>> >>> concerned about that level of security, already has a dedicated firewall >>> installed. >>> >>> BR, >>> Nikos >>> ----- Original Message ----- From: "Rene Kluwen" <[email protected]> >>> To: "'Nikos Balkanas'" <[email protected]>; "'ishagh ouldbah'" >>> <[email protected]>; <[email protected]> >>> Sent: Wednesday, July 07, 2010 1:58 AM >>> Subject: RE: smpp restrict connection to a specific client >>> >>> >>> Of course it is possible to add an ip address or list of ip addresses in >>>> smpplogins.txt. >>>> But then again: Is anybody waiting for that? >>>> >>>> == Rene >>>> >>>> -----Original Message----- >>>> From: Nikos Balkanas [mailto:[email protected]] >>>> Sent: dinsdag 6 juli 2010 20:36 >>>> To: Rene Kluwen; 'ishagh ouldbah'; [email protected] >>>> Subject: Re: smpp restrict connection to a specific client >>>> >>>> Hi, >>>> >>>> All clients need to authenticate against smppbox to send SMPP. >>>> >>>> Otherwise any descent firewall should restrict network access. >>>> >>>> BR, >>>> Nikos >>>> ----- Original Message ----- From: Rene Kluwen >>>> To: 'ishagh ouldbah' ; [email protected] >>>> Sent: Tuesday, July 06, 2010 7:21 PM >>>> Subject: RE: smpp restrict connection to a specific client >>>> >>>> >>>> If you are talking about restricting source ip addresses, I use iptables >>>> for >>>> >>>> that. >>>> >>>> == Rene >>>> >>>> From: [email protected] [mailto:[email protected]] On >>>> Behalf >>>> Of ishagh ouldbah >>>> Sent: dinsdag 6 juli 2010 16:00 >>>> To: [email protected] >>>> Subject: smpp restrict connection to a specific client >>>> >>>> Hi all >>>> I have this question regarding smppbox >>>> can i allow conction to only clients that i want >>>> Regards >>>> >>>> >>>> >>>> >>>> >>> >>> >>> >>> >>> >>> >> >> >
