Browse code

private Contacts now allowed if request's source IP address private too (local private phone can now register)

Jiri Kuthan authored on 30/11/2002 22:33:59
Showing 1 changed files
... ...
@@ -10,11 +10,13 @@ debug=3
10 10
 fork=yes
11 11
 port=5060
12 12
 log_stderror=no
13
-memlog=3
13
+memlog=4
14
+
15
+listen=195.37.77.101
14 16
 
15 17
 # uncomment to override config values for test 
16 18
 /*
17
-debug=3             # debug level (cmd line: -ddd)
19
+debug=4             # debug level (cmd line: -ddd)
18 20
 fork=no
19 21
 port=5068
20 22
 log_stderror=yes	# (cmd line: -E)
... ...
@@ -31,8 +33,8 @@ fifo="/tmp/ser_fifo"
31 33
 
32 34
 # ------------------ module loading ----------------------------------
33 35
 
34
-loadmodule "../new_ser/modules/sl/sl.so"
35 36
 loadmodule "../new_ser/modules/tm/tm.so"
37
+loadmodule "../new_ser/modules/sl/sl.so"
36 38
 loadmodule "../new_ser/modules/acc/acc.so"
37 39
 loadmodule "../new_ser/modules/rr/rr.so"
38 40
 loadmodule "../new_ser/modules/maxfwd/maxfwd.so"
... ...
@@ -111,7 +113,9 @@ route{
111 113
 		# allow RR-ed requests, as these may indicate that
112 114
 		# a NAT-enabled proxy takes care of it; unless it is
113 115
 		# a REGISTER
114
-		if (method=="REGISTER" || ! search("^Record-Route:")) {
116
+		if ((method=="REGISTER" || ! search("^Record-Route:")) 
117
+					&& !( src_ip==192.168.0.0/16 ||
118
+						src_ip==10.0.0.0/8 || src_ip==172.16.0.0/12 )) {
115 119
 			log("LOG: Someone trying to register from private IP again\n");
116 120
 			sl_send_reply("479", "We dont accept private IP contacts" );
117 121
 			break;
... ...
@@ -130,10 +134,12 @@ route{
130 134
 
131 135
 
132 136
 	/* IM gateway diversions */
133
-	if (uri=~"sip:.*@icq\.iptel\.org"
134
-			| uri=~"sip:.*@msn\.iptel\.org"
135
-			| uri=~"sip:.*@aim\.iptel\.org"
136
-			| uri=~"sip:.*@yahoo\.iptel\.org" ) {
137
+	if (search("[\n\r]((To)|t):.*@icq\.iptel\.org")
138
+	| search("[\n\r]((To)|t):.*@msn\.iptel\.org")
139
+	| search("[\n\r]((To)|t):.*@aim\.iptel\.org")
140
+	| search("[\n\r]((To)|t):.*@yahoo\.iptel\.org")
141
+	| search("[\n\r]((To)|t):.*@jabber\.iptel\.org") )
142
+	{
137 143
 		append_hf("P-hint: IMGW\r\n");
138 144
 		if (!t_relay_to("195.37.77.100", "5070")) {
139 145
 			sl_reply_error();
... ...
@@ -210,6 +216,11 @@ route{
210 216
 			sl_send_reply("476", "No Server Address in Contacts Allowed" );
211 217
 			break;
212 218
 		};
219
+		if (search("^(Contact|m): .*195\.37\.77\.110")) {
220
+			log(1, "LOG: alert: protected contacts\n");
221
+			sl_send_reply("476", "No Server Address in Contacts Allowed" );
222
+			break;
223
+		};
213 224
 
214 225
 		# prohibit attempts to grab someone else's To address 
215 226
 		# using  valid credentials; the only exception is the user