mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-22 17:28:25 +01:00
ejabberd_stun: Add 'turn_blacklist' option
The new 'turn_blacklist' listener option allows for specifying one or more IP addresses and/or subnet addresses/masks. The TURN server will refuse to relay traffic from/to blacklisted IP addresses. By default, Teredo and 6to4 addresses are blacklisted, as mandated by RFC 6156 (section 9.1).
This commit is contained in:
parent
7bb4da2fee
commit
56d00e427d
2
mix.exs
2
mix.exs
@ -90,7 +90,7 @@ defmodule Ejabberd.Mixfile do
|
|||||||
{:stringprep, "~> 1.0"},
|
{:stringprep, "~> 1.0"},
|
||||||
{:fast_yaml, "~> 1.0"},
|
{:fast_yaml, "~> 1.0"},
|
||||||
{:fast_tls, "~> 1.1"},
|
{:fast_tls, "~> 1.1"},
|
||||||
{:stun, git: "https://github.com/processone/stun", ref: "481f4dbb8b5793659aedf44048d7c5fde968bfbb", override: true},
|
{:stun, git: "https://github.com/processone/stun", ref: "a96f588c8ded48cd15e99911cf7b22ca67b532db", override: true},
|
||||||
{:esip, "~> 1.0.32"},
|
{:esip, "~> 1.0.32"},
|
||||||
{:p1_mysql, "~> 1.0"},
|
{:p1_mysql, "~> 1.0"},
|
||||||
{:mqtree, "~> 1.0"},
|
{:mqtree, "~> 1.0"},
|
||||||
|
@ -36,7 +36,7 @@
|
|||||||
{mqtree, ".*", {git, "https://github.com/processone/mqtree", {tag, "1.0.7"}}},
|
{mqtree, ".*", {git, "https://github.com/processone/mqtree", {tag, "1.0.7"}}},
|
||||||
{p1_acme, ".*", {git, "https://github.com/processone/p1_acme.git", {tag, "1.0.5"}}},
|
{p1_acme, ".*", {git, "https://github.com/processone/p1_acme.git", {tag, "1.0.5"}}},
|
||||||
{base64url, ".*", {git, "https://github.com/dvv/base64url.git", {tag, "v1.0"}}},
|
{base64url, ".*", {git, "https://github.com/dvv/base64url.git", {tag, "v1.0"}}},
|
||||||
{if_var_true, stun, {stun, ".*", {git, "https://github.com/processone/stun", "481f4dbb8b5793659aedf44048d7c5fde968bfbb"}}},
|
{if_var_true, stun, {stun, ".*", {git, "https://github.com/processone/stun", "a96f588c8ded48cd15e99911cf7b22ca67b532db"}}},
|
||||||
{if_var_true, sip, {esip, ".*", {git, "https://github.com/processone/esip", {tag, "1.0.33"}}}},
|
{if_var_true, sip, {esip, ".*", {git, "https://github.com/processone/esip", {tag, "1.0.33"}}}},
|
||||||
{if_var_true, mysql, {p1_mysql, ".*", {git, "https://github.com/processone/p1_mysql",
|
{if_var_true, mysql, {p1_mysql, ".*", {git, "https://github.com/processone/p1_mysql",
|
||||||
{tag, "1.0.15"}}}},
|
{tag, "1.0.15"}}}},
|
||||||
|
@ -177,6 +177,8 @@ listen_opt_type(turn_max_allocations) ->
|
|||||||
econf:pos_int(infinity);
|
econf:pos_int(infinity);
|
||||||
listen_opt_type(turn_max_permissions) ->
|
listen_opt_type(turn_max_permissions) ->
|
||||||
econf:pos_int(infinity);
|
econf:pos_int(infinity);
|
||||||
|
listen_opt_type(turn_blacklist) ->
|
||||||
|
econf:list_or_single(econf:ip_mask());
|
||||||
listen_opt_type(server_name) ->
|
listen_opt_type(server_name) ->
|
||||||
econf:binary();
|
econf:binary();
|
||||||
listen_opt_type(certfile) ->
|
listen_opt_type(certfile) ->
|
||||||
@ -195,5 +197,6 @@ listen_options() ->
|
|||||||
{turn_max_port, 65535},
|
{turn_max_port, 65535},
|
||||||
{turn_max_allocations, 10},
|
{turn_max_allocations, 10},
|
||||||
{turn_max_permissions, 10},
|
{turn_max_permissions, 10},
|
||||||
|
{turn_blacklist, [<<"2001::/32">>, <<"2002::/16">>]}, % Teredo, 6to4.
|
||||||
{server_name, <<"ejabberd">>}].
|
{server_name, <<"ejabberd">>}].
|
||||||
-endif.
|
-endif.
|
||||||
|
Loading…
Reference in New Issue
Block a user