ejabberd_stun: Add 'turn_blacklist' option

The new 'turn_blacklist' listener option allows for specifying one or more IP addresses and/or subnet addresses/masks. The TURN server will refuse to relay traffic from/to blacklisted IP addresses. By default, Teredo and 6to4 addresses are blacklisted, as mandated by RFC 6156 (section 9.1).
author: Holger Weiss <holger@zedat.fu-berlin.de> 2020-05-21 21:46:02 +0200
committer: Holger Weiss <holger@zedat.fu-berlin.de> 2020-05-21 21:46:02 +0200
commit: 56d00e427d5f0bafbc91d26f55f8ba3a8ad7cef2 (patch)
tree: c3aa5636b8419c088e3b7eee213f444f914212e6 /src
parent: mod_stun_disco: Make 'services' example shorter (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/ejabberd_stun.erl b/src/ejabberd_stun.erl
index 46e7675c9..6be3434e7 100644
--- a/src/ejabberd_stun.erl
+++ b/src/ejabberd_stun.erl
@@ -177,6 +177,8 @@ listen_opt_type(turn_max_allocations) ->
     econf:pos_int(infinity);
 listen_opt_type(turn_max_permissions) ->
     econf:pos_int(infinity);
+listen_opt_type(turn_blacklist) ->
+    econf:list_or_single(econf:ip_mask());
 listen_opt_type(server_name) ->
     econf:binary();
 listen_opt_type(certfile) ->
@@ -195,5 +197,6 @@ listen_options() ->
      {turn_max_port, 65535},
      {turn_max_allocations, 10},
      {turn_max_permissions, 10},
+     {turn_blacklist, [<<"2001::/32">>, <<"2002::/16">>]}, % Teredo, 6to4.
      {server_name, <<"ejabberd">>}].
 -endif.
author	Holger Weiss <holger@zedat.fu-berlin.de>	2020-05-21 21:46:02 +0200
committer	Holger Weiss <holger@zedat.fu-berlin.de>	2020-05-21 21:46:02 +0200
commit	56d00e427d5f0bafbc91d26f55f8ba3a8ad7cef2 (patch)
tree	c3aa5636b8419c088e3b7eee213f444f914212e6 /src
parent	mod_stun_disco: Make 'services' example shorter (diff)