[Freeswitch-dev] SO_REUSEPORT for RTP
Tamas Jalsovszky
jalsot at gmail.com
Mon Jan 23 21:16:53 MSK 2017
I can just agree with your statement. Unfortunately this is not my/our
brain-dead policy or rule but a few corporate firewall "specialists'", and
having no influence on it.
If somebody provides a patch, would you merge it or you would bar any such
a complication?
On 23 January 2017 at 19:01, Michael Jerris <mike at jerris.com> wrote:
> This adds zero value to security and adds lots of possibilities of failed
> calls. Seems like a complete waste of time to me. Education on what is
> and is not secure and why blocking more ports that are not listening adds
> zero to security seems a much more useful way to use time
>
> > On Jan 23, 2017, at 10:02 AM, Tamas Jalsovszky <jalsot at gmail.com> wrote:
> >
> > Hello,
> >
> > I have a few places where using a SIP (or webrtc) endpoint demands
> opening up the very restrictive local network firewall. Setting rtp port
> range would be the way to go, however usually the simple math (e.g. setting
> the range for 2x the number of endpoints) is still not welcomed by local
> network admins - paranoid ones :)
> >
> > My idea here is whether we could use SO_REUSEPORT in the RTP stack (I've
> found in sofia lib the conditional use of this option) and possibly setting
> a very short range for RTP or even setting only one port (I'm not sure
> about RTCP) as from the other side packets come from the same IP but from
> different port, e.g.
> > IPclient:PortA -> IPFSserver:PortX
> > IPclient:PortB -> IPFSserver:PortX
> > IPclient:PortC -> IPFSserver:PortX
> > etc.
> >
> > What do you think, would it be doable? If not, any other way to rapidly
> lower the port range to be set at the endpoint side?
> >
> > Regards,
> > Jalsot
> >
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-dev mailing list
> FreeSWITCH-dev at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20170123/090bd240/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-dev
mailing list