[Freeswitch-users] SBC

Brian West brian at freeswitch.org
Mon Dec 12 19:06:28 MSK 2016 

Fork, pull request like usual, we can start a new thread for this
discussion once you start reviewing it.

/b


On Mon, Dec 12, 2016 at 10:01 AM, David Villasmil <
david.villasmil.work at gmail.com> wrote:

> Is there a thread to discuss this or should I just fork and propose as
> always?
>
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337
>
> On Mon, Dec 12, 2016 at 4:59 PM, David Villasmil <
> david.villasmil.work at gmail.com> wrote:
>
>> Sounds good, I'll take a look.
>>
>> Thanks
>>
>> Regards,
>>
>> David Villasmil
>> email: david.villasmil.work at gmail.com
>> phone: +34669448337 <+34%20669%2044%2083%2037>
>>
>> On Mon, Dec 12, 2016 at 4:56 PM, Brian West <brian at freeswitch.org> wrote:
>>
>>> I've given everyone the opportunity to get involved in the new 1.8
>>> configs, So far very few people have stepped up to assist me in this task.
>>>
>>> It should be hardened by default, or have a way to toggle the hardened
>>> configs on.
>>>
>>> https://freeswitch.org/stash/projects/FS/repos/fs18configs/browse
>>>
>>> If you wish to review.
>>>
>>> /b
>>>
>>>
>>> On Mon, Dec 12, 2016 at 9:30 AM, David Villasmil <
>>> david.villasmil.work at gmail.com> wrote:
>>>
>>>> I'm just thinking out loud, but maybe it'd be a good idea to have 2
>>>> default configs somehow. 1 which is the current one, and the second would
>>>> be a ver-very-hardened one.
>>>> I usually start-off with https://github.com/voxser
>>>> v/freeswitch_conf_minimal or https://github.com/mx4492/f
>>>> reeswitch-minimal-conf which are very basic, but it would be a great
>>>> idea to have available a "hardened" one.
>>>>
>>>> Regards,
>>>>
>>>> David Villasmil
>>>> email: david.villasmil.work at gmail.com
>>>> phone: +34669448337
>>>>
>>>> On Mon, Dec 12, 2016 at 4:22 PM, Brian West <brian at freeswitch.org>
>>>> wrote:
>>>>
>>>>> Kamil,
>>>>>
>>>>> The security model of FreeSWITCH can be quite complex, To blame
>>>>> FreeSWITCH itself for your misconfiguration is downright FUD, If you have
>>>>> issues or questions on how to properly configure FreeSWITCH for this
>>>>> specific role you can just ask, many of us will help you create a
>>>>> configuration that would be robust and secure.  If you would have set
>>>>> 'disable-transfer', to true, and possibly 'disable-register' it would also
>>>>> help lower your attack surface, In addition you shouldn't open your system
>>>>> to the planet, thats irresponsible on your part for doing so.
>>>>>
>>>>> FreeSWITCH isn't a firewall, so of course its weak because its NOT a
>>>>> firewall.
>>>>>
>>>>> And these are in the configs:
>>>>>
>>>>>
>>>>>     <!-- disable register and transfer which may be undesirable in a
>>>>> public switch -->
>>>>>
>>>>>     <!--<param name="disable-transfer" value="true"/>-->
>>>>>
>>>>>     <!--<param name="disable-register" value="true"/>-->
>>>>>
>>>>> Thanks,
>>>>> /b
>>>>>
>>>>>
>>>>> On Sun, Dec 11, 2016 at 8:17 PM, Kamil Nigmatullin <
>>>>> kamil.nigmatullin at gmail.com> wrote:
>>>>>
>>>>>> I love freeswitch, but frankly I would not recomend to set it as SBC.
>>>>>> I personally faced two attacks where FS was not good at. And we lost a lot
>>>>>> of money. It works perfectly as NAT between internal and extenal networks,
>>>>>> actually in everything but it is weak as a firewall. Stanislav knows that,
>>>>>> he helped me to resolve the problem first time when it happend. I cannot go
>>>>>> into details as this is open forum. You need to put either kamailio or
>>>>>> opensips in front of FS.
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Brian West*
>>>>> brian at freeswitch.org
>>>>>
>>>>>
>>>>> *Twitter: @FreeSWITCH , @briankwest*
>>>>> http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
>>>>> http://www.freeswitchcookbook.com (50% Discount using code
>>>>> FreeSwitch50)
>>>>> https://www.gofundme.com/freeswitch_ubuntu
>>>>>
>>>>> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
>>>>> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>>>>
>>>>> *T:*+19184209001 <(918)%20420-9001> | *F:*+19184209002
>>>>> <(918)%20420-9002> | *M:*+1918424WEST (9378)
>>>>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>>>>
>>>>> ____________________________________________________________
>>>>> _____________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://confluence.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>>> switch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>
>>>>
>>>> ____________________________________________________________
>>>> _____________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>> switch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> *Brian West*
>>> brian at freeswitch.org
>>>
>>>
>>> *Twitter: @FreeSWITCH , @briankwest*
>>> http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
>>> http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
>>> https://www.gofundme.com/freeswitch_ubuntu
>>>
>>> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
>>> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>>
>>> *T:*+19184209001 <(918)%20420-9001> | *F:*+19184209002
>>> <(918)%20420-9002> | *M:*+1918424WEST (9378)
>>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>>
>>> ____________________________________________________________
>>> _____________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 

*Brian West*
brian at freeswitch.org


*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
https://www.gofundme.com/freeswitch_ubuntu

Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161212/85ad0e4a/attachment-0001.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list