authorHolger Weiss <holger@zedat.fu-berlin.de>2020-05-21 21:46:02 +0200
committerHolger Weiss <holger@zedat.fu-berlin.de>2020-05-21 21:46:02 +0200
commit56d00e427d5f0bafbc91d26f55f8ba3a8ad7cef2 (patch)
treec3aa5636b8419c088e3b7eee213f444f914212e6
parentmod_stun_disco: Make 'services' example shorter (diff)
ejabberd_stun: Add 'turn_blacklist' option
The new 'turn_blacklist' listener option allows for specifying one or more IP addresses and/or subnet addresses/masks. The TURN server will refuse to relay traffic from/to blacklisted IP addresses. By default, Teredo and 6to4 addresses are blacklisted, as mandated by RFC 6156 (section 9.1).
-rw-r--r--mix.exs2
-rw-r--r--rebar.config2
-rw-r--r--src/ejabberd_stun.erl3
3 files changed, 5 insertions, 2 deletions
diff --git a/mix.exs b/mix.exs
index c578b24c4..38a4045ec 100644
--- a/mix.exs
+++ b/mix.exs
@@ -90,7 +90,7 @@ defmodule Ejabberd.Mixfile do
{:stringprep, "~> 1.0"},
{:fast_yaml, "~> 1.0"},
{:fast_tls, "~> 1.1"},
- {:stun, git: "https://github.com/processone/stun", ref: "481f4dbb8b5793659aedf44048d7c5fde968bfbb", override: true},
+ {:stun, git: "https://github.com/processone/stun", ref: "a96f588c8ded48cd15e99911cf7b22ca67b532db", override: true},
{:esip, "~> 1.0.32"},
{:p1_mysql, "~> 1.0"},
{:mqtree, "~> 1.0"},
diff --git a/rebar.config b/rebar.config
index 75ea5a7d7..ae7659bf0 100644
--- a/rebar.config
+++ b/rebar.config
@@ -36,7 +36,7 @@
{mqtree, ".*", {git, "https://github.com/processone/mqtree", {tag, "1.0.7"}}},
{p1_acme, ".*", {git, "https://github.com/processone/p1_acme.git", {tag, "1.0.5"}}},
{base64url, ".*", {git, "https://github.com/dvv/base64url.git", {tag, "v1.0"}}},
- {if_var_true, stun, {stun, ".*", {git, "https://github.com/processone/stun", "481f4dbb8b5793659aedf44048d7c5fde968bfbb"}}},
+ {if_var_true, stun, {stun, ".*", {git, "https://github.com/processone/stun", "a96f588c8ded48cd15e99911cf7b22ca67b532db"}}},
{if_var_true, sip, {esip, ".*", {git, "https://github.com/processone/esip", {tag, "1.0.33"}}}},
{if_var_true, mysql, {p1_mysql, ".*", {git, "https://github.com/processone/p1_mysql",
{tag, "1.0.15"}}}},
diff --git a/src/ejabberd_stun.erl b/src/ejabberd_stun.erl
index 46e7675c9..6be3434e7 100644
--- a/src/ejabberd_stun.erl
+++ b/src/ejabberd_stun.erl
@@ -177,6 +177,8 @@ listen_opt_type(turn_max_allocations) ->
econf:pos_int(infinity);
listen_opt_type(turn_max_permissions) ->
econf:pos_int(infinity);
+listen_opt_type(turn_blacklist) ->
+ econf:list_or_single(econf:ip_mask());
listen_opt_type(server_name) ->
econf:binary();
listen_opt_type(certfile) ->
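Review bot: The new `listen_opt_type(turn_blacklist)` clause does not say whether a configured list replaces or extends the built-in default, which matters because the commit message ties the Teredo/6to4 entries to RFC 6156 section 9.1. If a configured value overrides the default, as listener options usually do (not visible in this hunk), an operator who sets their own `turn_blacklist` would silently lose the `2001::/32` and `2002::/16` entries. Once the semantics are confirmed, I would add a comment above the clause such as `%% A configured turn_blacklist replaces the default; re-list 2001::/32 and 2002::/16 to keep the RFC 6156 entries` and say the same in the option's documentation. The clause list of `listen_opt_type/1` starts and continues outside the hunk.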
@@ -195,5 +197,6 @@ listen_options() ->
{turn_max_port, 65535},
{turn_max_allocations, 10},
{turn_max_permissions, 10},
+ {turn_blacklist, [<<"2001::/32">>, <<"2002::/16">>]}, % Teredo, 6to4.
{server_name, <<"ejabberd">>}].
-endif.
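Review bot: The default added to `listen_options()` blocks only the two IPv6 transition prefixes, so with TURN enabled the relay would still accept peers in loopback, private and link-local ranges unless the stun dependency filters them itself, which this diff does not show. Deployments usually want those ranges denied so the relay cannot reach services on the host or the internal network. Consider widening the default, or at least make the gap explicit in the trailing comment, e.g. `% Teredo, 6to4 (RFC 6156, 9.1); loopback/private ranges are not covered`. Separately, the default entries are binaries while the validator `econf:ip_mask()` presumably yields a parsed address/mask term, so confirm that defaults pass through the same conversion or that the stun library accepts both shapes. The body of `listen_options()` begins above the hunk.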