author | Holger Weiss <holger@zedat.fu-berlin.de> | 2021-01-22 16:20:24 +0100 |
---|---|---|
committer | Holger Weiss <holger@zedat.fu-berlin.de> | 2021-01-22 16:20:24 +0100 |
commit | 6c2bd91f014f2a29fd16fbe4f2d5feefe9ddd3a0 (patch) | |
tree | b1b4064e1f5a43c595bd3185744ac82f85b48e5f /src/ejabberd_stun.erl | |
parent | Update 'stun' dependency (diff) |
ejabberd_stun: Block loopback addresses by default

Don't accept loopback addresses as TURN peers by default. This makes
sure the TURN service won't allow remote clients to access local UDP
services.

However, this will break the case where the 'turn_ipv4_address' was set
to 127.0.0.1 as fallback and TURN worked "by accident" if both clients
were using the same TURN service. The service then talked to itself on
the loopback interface.

Diffstat (limited to 'src/ejabberd_stun.erl')
-rw-r--r-- | src/ejabberd_stun.erl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/ejabberd_stun.erl b/src/ejabberd_stun.erl index f6d1e89a4..b4bc6b3e4 100644 --- a/src/ejabberd_stun.erl +++ b/src/ejabberd_stun.erl @@ -203,7 +203,7 @@ listen_options() -> {turn_max_port, 65535}, {turn_max_allocations, 10}, {turn_max_permissions, 10}, - {turn_blacklist, []}, + {turn_blacklist, [<<"127.0.0.0/8">>, <<"::1/128">>]}, {server_name, <<"ejabberd">>}]. -spec init_logger() -> ok. |
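
Review bot: The new `turn_blacklist` default in `listen_options()` lists only `127.0.0.0/8` and `::1/128`, so whether the IPv4-mapped form of loopback (`::ffff:127.0.0.0/104`) is also rejected depends on how the 'stun' dependency matches peer addresses, which this diff does not show; if IPv6 peers are compared against the list literally, add that prefix to the default as well. Since this is a default value, the option documentation should state whether an operator-supplied `turn_blacklist` replaces or extends it, because a replacing list that omits the loopback ranges would again let remote clients reach local UDP services. The commit message says setups with `turn_ipv4_address` set to 127.0.0.1 will break, but no upgrade or changelog note for that case is visible here (the diffstat shown is limited to src/ejabberd_stun.erl, so it may live in another file).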