[Serusers] Allowing incoming calls from trusted peers
Greger V. Teigre
greger at teigre.com
Wed Mar 15 08:45:15 CET 2006
src ip, see the onsip.org getting started doc on adding stuff to the trusted
table.
Unless you authenticate an INVITE and do check_from() you cannot trust the
domain and anybody can pretend to be local.
g-)
----- Original Message -----
From: "Cameron Beattie" <kjcsb at orcon.net.nz>
To: <serusers at lists.iptel.org>
Sent: Wednesday, March 08, 2006 5:42 AM
Subject: [Serusers] Allowing incoming calls from trusted peers
>I want to allow peering with specific providers and am not sure of the best
>way to do this. At the moment I have the following in ser.cfg:
> if (method=="INVITE" && !allow_trusted()) {
> if (!proxy_authorize("","subscriber")) {
> proxy_challenge("","0");
> break;
> } else if (!check_from()) {
> sl_send_reply("403", "Use From=ID");
> break;
> };
>
> consume_credentials();
> };
>
> SER sends a 407 back to any server trying to send a call to my server.
>
> As I understand it allow_trusted only allows specification of trusted IP
> addresses. I'm not clear what it is checking though. Is it the IP address
> of the host provided in the URI, or From, or something else?
>
> What if I want to validate based on domain name? What are the risks of the
> following approach?
> if (method=="INVITE" && !is_from_local()) {
>
> Any help appreciated.
>
> Cameron
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
More information about the sr-users
mailing list