<div dir="ltr"><div>I can just agree with your statement. Unfortunately this is not my/our brain-dead policy or rule but a few corporate firewall "specialists'", and having no influence on it. <br><br></div>If somebody provides a patch, would you merge it or you would bar any such a complication?<br></div><div class="gmail_extra"><br><div class="gmail_quote">On 23 January 2017 at 19:01, Michael Jerris <span dir="ltr"><<a href="mailto:mike@jerris.com" target="_blank">mike@jerris.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This adds zero value to security and adds lots of possibilities of failed calls. Seems like a complete waste of time to me. Education on what is and is not secure and why blocking more ports that are not listening adds zero to security seems a much more useful way to use time<br>
<div><div class="h5"><br>
> On Jan 23, 2017, at 10:02 AM, Tamas Jalsovszky <<a href="mailto:jalsot@gmail.com">jalsot@gmail.com</a>> wrote:<br>
><br>
> Hello,<br>
><br>
> I have a few places where using a SIP (or webrtc) endpoint demands opening up the very restrictive local network firewall. Setting rtp port range would be the way to go, however usually the simple math (e.g. setting the range for 2x the number of endpoints) is still not welcomed by local network admins - paranoid ones :)<br>
><br>
> My idea here is whether we could use SO_REUSEPORT in the RTP stack (I've found in sofia lib the conditional use of this option) and possibly setting a very short range for RTP or even setting only one port (I'm not sure about RTCP) as from the other side packets come from the same IP but from different port, e.g.<br>
> IPclient:PortA -> IPFSserver:PortX<br>
> IPclient:PortB -> IPFSserver:PortX<br>
> IPclient:PortC -> IPFSserver:PortX<br>
> etc.<br>
><br>
> What do you think, would it be doable? If not, any other way to rapidly lower the port range to be set at the endpoint side?<br>
><br>
> Regards,<br>
> Jalsot<br>
><br>
<br>
<br>
</div></div>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" rel="noreferrer" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-dev mailing list<br>
<a href="mailto:FreeSWITCH-dev@lists.freeswitch.org">FreeSWITCH-dev@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>dev</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-dev" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-dev</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br></div>