Ticket #932 (closed Feature Requests: fixed)

Opened 4 years ago

Last modified 1 year ago

Add permit/deny boxes for iax and sip devices

Reported by: vregnard Assigned to:
Priority: trivial Milestone: 2.6
Component: Core - Users/Devices Version:
Keywords: permit deny custom sip iax Cc:
Confirmation: Confirmed SVN Revision (if applicable):
Backend Engine: All Backend Engine Version:

Description

Could be nice to have extra permit and deny boxes in the 'device options' in iax and sip device configuration pages. Maybe just after or before the already existing disallow and allow boxes.

Or maybe that could be replaced, as earlier mentionned, with a custom box where we could write freely some custom configuration.

Attachments

freepbx-devices-permitdeny.patch (2.6 kB) - added by vregnard on 06/09/06 08:21:37.
adds permit and deny boxes for sip and iax devices
functions.inc.php.diff (3.0 kB) - added by shag on 09/07/08 14:52:04.
fixed diff file for 2.5.0rc2.4 - adds permit & deny on both sip & iax pages, fixes sorting to put deny= on top of all (like we do for disallow=)

Change History

06/09/06 08:21:37 changed by vregnard

  • attachment freepbx-devices-permitdeny.patch added.

adds permit and deny boxes for sip and iax devices

02/22/08 05:36:12 changed by csabka

Would this feature be included in the main version of FreePBX? I think it could make FreePBX more secure if the remote registration is allowed (for HomeWorker?), but for only 1 extension. All other extensions are permitted to LAN.

Of course the best solution for this would be VPN and no public registration, and dedicated IP address for SIP trunk (if any).

Regards: Csaba

02/22/08 07:20:47 changed by p_lindheimer

  • confirmation set to Confirmed.
  • component changed from Web interface to Core - Users/Devices.
  • engine_version changed.
  • svn_rev changed.
  • milestone set to 3.0.

given how infrequent home users have static IP's it would probably be very limited. However marking for the next milestone to consider at that time.

02/22/08 07:42:03 changed by csabka

Hi,

I meant, e.g At a big home/small office user have 10 IP phone. He has another flat/office with 1 IP phone (of course dynamic IP). He set password for 11 SIP extension. He has no knowledge about VPN, but he want to use 1 IP phone from flat. He will make his asterisk to be open Internet wide... If this is the case (without ACL role) there are 11 possible sip registration attacks. Of course you could say that if he sets the 10 IP phone to ACL role, there still be 1 security hole (and of course remote exploits still open). I think 1 is still less then 11.

Another case: Social hacker ask the secretary's IP phone's password, she tells out somewhy...and from this point Social hacker can easily (without real hacking) can connect to office's PBX and use its lines.

Thank you for your fast response.

I know that this is not the best solution regarding to the security, but more easy to set for "square root 2" user who wants remote access to his extension.

Regards: Csaba

/Security could be increased until useless./

07/02/08 14:11:13 changed by p_lindheimer

  • milestone changed from 2.5 to 3.0.

09/07/08 14:52:04 changed by shag

  • attachment functions.inc.php.diff added.

fixed diff file for 2.5.0rc2.4 - adds permit & deny on both sip & iax pages, fixes sorting to put deny= on top of all (like we do for disallow=)

11/23/08 10:14:07 changed by jperry999

This feature would definitely help security by having a way to set all SIP extensions to deny all but permit only internal IP. This would allow receiving SIP calls from the external Internet but ONLY permit them as trunk-calls etc., preventing them from registering as an internal extension and thus making outgoing calls. See my full post http://www.freepbx.org/forum/freepbx/development/security-too-easy-for-intruders-to-use-your-phones-to-make-calls

12/01/08 08:45:04 changed by mickecarlsson

  • status changed from new to closed.
  • resolution set to fixed.

(In [7306]) Closes #932 adds permit/deny to sip and iax devices

01/06/09 13:58:59 changed by p_lindheimer

(In [7342]) Merged revisions 7177,7179-7185,7191-7201,7204-7211,7213-7221,7223-7226,7228-7249,7252-7260,7262-7272,7279-7285,7289-7291,7294-7295,7297-7312,7317-7320,7322-7331,7333-7340 via svnmerge from http://svn.freepbx.org/modules/branches/2.6

........

r7177 | p_lindheimer | 2008-10-29 10:51:38 -0700 (Wed, 29 Oct 2008) | 1 line

Auto Check-in of any outstanding patches

........

r7196 | mickecarlsson | 2008-10-30 23:25:31 -0700 (Thu, 30 Oct 2008) | 1 line

Fixed type in code fro fw_fop

........

r7228 | mickecarlsson | 2008-11-05 09:14:56 -0800 (Wed, 05 Nov 2008) | 1 line

Changed some enclosed text string with proper enclosures so that localization with apostrophe will work

........

r7255 | lazytt | 2008-11-12 07:57:37 -0800 (Wed, 12 Nov 2008) | 1 line

ref #3358

........

r7300 | mickecarlsson | 2008-11-23 01:15:27 -0800 (Sun, 23 Nov 2008) | 1 line

Fixes #3409, dashboard display wrong statistics and color when disk storage is above 1Tb

........

r7301 | mickecarlsson | 2008-11-23 06:11:19 -0800 (Sun, 23 Nov 2008) | 1 line

Enclosed text strings for translation. Updated .pot file and swedish language

........

r7302 | mickecarlsson | 2008-11-23 06:26:47 -0800 (Sun, 23 Nov 2008) | 1 line

Enclosed text string for translation in core

........

r7306 | mickecarlsson | 2008-12-01 08:45:04 -0800 (Mon, 01 Dec 2008) | 1 line

Closes #932 adds permit/deny to sip and iax devices

........

r7307 | mickecarlsson | 2008-12-01 09:00:09 -0800 (Mon, 01 Dec 2008) | 1 line

Adds default 0.0.0.0/0.0.0.0 in deny and permit for sip and iax devices

........

r7308 | mickecarlsson | 2008-12-03 22:20:02 -0800 (Wed, 03 Dec 2008) | 1 line

Fixes #3426, sets code to follow tool tip. Thank you ryand

........

r7310 | mickecarlsson | 2008-12-06 06:07:17 -0800 (Sat, 06 Dec 2008) | 1 line

Closes #3224 removes hard coded database name

........

r7317 | mickecarlsson | 2008-12-15 10:55:17 -0800 (Mon, 15 Dec 2008) | 1 line

Closes #3443 adding check for uppercase file extensions

........

r7320 | ethans | 2008-12-17 16:31:52 -0800 (Wed, 17 Dec 2008) | 3 lines

Adds hook support into IVR page

........

r7322 | mickecarlsson | 2008-12-17 22:08:41 -0800 (Wed, 17 Dec 2008) | 1 line

Closes 3448 adding check for server side DND in normal paging

........

r7340 | mickecarlsson | 2008-12-30 14:22:14 -0800 (Tue, 30 Dec 2008) | 1 line

Closes #3448 finally fixes the DND in paging. Thank you jjshoe

........