mirror of https://github.com/processone/ejabberd.git synced 2024-12-22 17:28:25 +01:00

ejabberd_stun: Add 'turn_blacklist' option

The new 'turn_blacklist' listener option allows for specifying one or
more IP addresses and/or subnet addresses/masks.  The TURN server will
refuse to relay traffic from/to blacklisted IP addresses.  By default,
Teredo and 6to4 addresses are blacklisted, as mandated by RFC 6156
(section 9.1).
Holger Weiss 2020-05-21 21:46:02 +02:00
parent 7bb4da2fee
commit 56d00e427d
3 changed files with 5 additions and 2 deletions


@ -90,7 +90,7 @@ defmodule Ejabberd.Mixfile do
{:stringprep, "~> 1.0"}, {:stringprep, "~> 1.0"},
{:fast_yaml, "~> 1.0"}, {:fast_yaml, "~> 1.0"},
{:fast_tls, "~> 1.1"}, {:fast_tls, "~> 1.1"},
{:stun, git: "https://github.com/processone/stun", ref: "481f4dbb8b5793659aedf44048d7c5fde968bfbb", override: true}, {:stun, git: "https://github.com/processone/stun", ref: "a96f588c8ded48cd15e99911cf7b22ca67b532db", override: true},
{:esip, "~> 1.0.32"}, {:esip, "~> 1.0.32"},
{:p1_mysql, "~> 1.0"}, {:p1_mysql, "~> 1.0"},
{:mqtree, "~> 1.0"}, {:mqtree, "~> 1.0"},


@ -36,7 +36,7 @@
{mqtree, ".*", {git, "https://github.com/processone/mqtree", {tag, "1.0.7"}}}, {mqtree, ".*", {git, "https://github.com/processone/mqtree", {tag, "1.0.7"}}},
{p1_acme, ".*", {git, "https://github.com/processone/p1_acme.git", {tag, "1.0.5"}}}, {p1_acme, ".*", {git, "https://github.com/processone/p1_acme.git", {tag, "1.0.5"}}},
{base64url, ".*", {git, "https://github.com/dvv/base64url.git", {tag, "v1.0"}}}, {base64url, ".*", {git, "https://github.com/dvv/base64url.git", {tag, "v1.0"}}},
{if_var_true, stun, {stun, ".*", {git, "https://github.com/processone/stun", "481f4dbb8b5793659aedf44048d7c5fde968bfbb"}}}, {if_var_true, stun, {stun, ".*", {git, "https://github.com/processone/stun", "a96f588c8ded48cd15e99911cf7b22ca67b532db"}}},
{if_var_true, sip, {esip, ".*", {git, "https://github.com/processone/esip", {tag, "1.0.33"}}}}, {if_var_true, sip, {esip, ".*", {git, "https://github.com/processone/esip", {tag, "1.0.33"}}}},
{if_var_true, mysql, {p1_mysql, ".*", {git, "https://github.com/processone/p1_mysql", {if_var_true, mysql, {p1_mysql, ".*", {git, "https://github.com/processone/p1_mysql",
{tag, "1.0.15"}}}}, {tag, "1.0.15"}}}},


@ -177,6 +177,8 @@ listen_opt_type(turn_max_allocations) ->
econf:pos_int(infinity); econf:pos_int(infinity);
listen_opt_type(turn_max_permissions) -> listen_opt_type(turn_max_permissions) ->
econf:pos_int(infinity); econf:pos_int(infinity);
listen_opt_type(turn_blacklist) ->
econf:list_or_single(econf:ip_mask());
listen_opt_type(server_name) -> listen_opt_type(server_name) ->
econf:binary(); econf:binary();
listen_opt_type(certfile) -> listen_opt_type(certfile) ->
@ -195,5 +197,6 @@ listen_options() ->
{turn_max_port, 65535}, {turn_max_port, 65535},
{turn_max_allocations, 10}, {turn_max_allocations, 10},
{turn_max_permissions, 10}, {turn_max_permissions, 10},
{turn_blacklist, [<<"2001::/32">>, <<"2002::/16">>]}, % Teredo, 6to4.
{server_name, <<"ejabberd">>}]. {server_name, <<"ejabberd">>}].
-endif. -endif.
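Review bot: The default on the `{turn_blacklist, ...}` line in listen_options() lists only the Teredo and 6to4 prefixes, so with stock settings the relay still accepts peers in loopback, link-local and private ranges; operators who expose TURN on a host with internal services need to add those ranges themselves. I would say so next to the default, e.g. `% RFC 6156 section 9.1 only (Teredo, 6to4); add loopback/link-local/internal ranges per deployment.` The hunk also does not show whether a configured list extends or replaces this default; if it replaces it, the option's documentation should state that the two RFC 6156 prefixes must be repeated in any custom list. Both listen_opt_type/1 and listen_options/0 start outside the visible hunks, so how the stun library consumes the value cannot be checked from here.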