ejabberd_stun: Block loopback addresses by default

Don't accept loopback addresses as TURN peers by default. This makes sure the TURN service won't allow remote clients to access local UDP services. However, this will break the case where the 'turn_ipv4_address' was set to 127.0.0.1 as fallback and TURN worked "by accident" if both clients were using the same TURN service. The service then talked to itself on the loopback interface.
author: Holger Weiss <holger@zedat.fu-berlin.de> 2021-01-22 16:20:24 +0100
committer: Holger Weiss <holger@zedat.fu-berlin.de> 2021-01-22 16:20:24 +0100
commit: 6c2bd91f014f2a29fd16fbe4f2d5feefe9ddd3a0 (patch)
tree: b1b4064e1f5a43c595bd3185744ac82f85b48e5f /src/ejabberd_stun.erl
parent: Update 'stun' dependency (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/ejabberd_stun.erl b/src/ejabberd_stun.erl
index f6d1e89a4..b4bc6b3e4 100644
--- a/src/ejabberd_stun.erl
+++ b/src/ejabberd_stun.erl
@@ -203,7 +203,7 @@ listen_options() ->
      {turn_max_port, 65535},
      {turn_max_allocations, 10},
      {turn_max_permissions, 10},
-     {turn_blacklist, []},
+     {turn_blacklist, [<<"127.0.0.0/8">>, <<"::1/128">>]},
      {server_name, <<"ejabberd">>}].
 
 -spec init_logger() -> ok.
author	Holger Weiss <holger@zedat.fu-berlin.de>	2021-01-22 16:20:24 +0100
committer	Holger Weiss <holger@zedat.fu-berlin.de>	2021-01-22 16:20:24 +0100
commit	6c2bd91f014f2a29fd16fbe4f2d5feefe9ddd3a0 (patch)
tree	b1b4064e1f5a43c595bd3185744ac82f85b48e5f /src/ejabberd_stun.erl
parent	Update 'stun' dependency (diff)