ejabberd_stun: Block loopback addresses by default

Don't accept loopback addresses as TURN peers by default.  This makes
sure the TURN service won't allow remote clients to access local UDP
services.

However, this will break the case where the 'turn_ipv4_address' was set
to 127.0.0.1 as fallback and TURN worked "by accident" if both clients
were using the same TURN service.  The service then talked to itself on
the loopback interface.
Holger Weiss 2021-01-22 16:20:24 +01:00
parent b6f86187f3
commit 6c2bd91f01
1 changed files with 1 additions and 1 deletions

@ -203,7 +203,7 @@ listen_options() ->
{turn_max_port, 65535},
{turn_max_allocations, 10},
{turn_max_permissions, 10},
{turn_blacklist, []},
{turn_blacklist, [<<"127.0.0.0/8">>, <<"::1/128">>]},
{server_name, <<"ejabberd">>}].
-spec init_logger() -> ok.
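Review bot: The new default on the `turn_blacklist` line lists only `127.0.0.0/8` and `::1/128`, so the stated goal of keeping remote clients away from local UDP services holds only for services bound to loopback; a UDP service listening on one of the host's own interface addresses is still an acceptable peer. Please confirm whether the matcher treats the IPv4-mapped form of loopback (`::ffff:127.0.0.0/104`) as covered by the IPv4 entry, and add it to the list if it does not. Because the commit message says this breaks setups where 'turn_ipv4_address' is 127.0.0.1, and only this one file is touched, the change should also document the new default and note that setting `turn_blacklist` to an empty list restores the previous behaviour, or log a warning at startup when the configured relay address falls inside a blacklisted range.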