Hi Anthony,
In case if an application is written to send continuous messages to FS, how to stop responding to that IP or stop messages reaching to FS from that IP. (like a DoS attack). Is there any provision at FS or do we need to take care at network router level with firewall configured properly. Thanks Suneel From: freeswitch-dev-boun...@lists.freeswitch.org [mailto:freeswitch-dev-boun...@lists.freeswitch.org] On Behalf Of Anthony Minessale Sent: 19 November 2009 15:24 To: freeswitch-dev@lists.freeswitch.org Subject: Re: [Freeswitch-dev] OPTIONS You cant block options but you can block new invites with "fsctl pause" That would cause the calls to fail over to the2nd route at least until the current calls are over. That is the only solution there is no way to not reply to options and there is nothing we can do to make that possible as it's a violation of the SIP spec. you would have to use a sip router like openser for that. On Thu, Nov 19, 2009 at 8:45 AM, Suneel Papineni <suneel.papin...@mettoni.com> wrote: Thanks Bret, but unfortunately I didn't have control on Gateway because it is a 3rd party (Except for adding primary and secondary FS IP addresses). So I need to do something at FS end only. -----Original Message----- From: freeswitch-dev-boun...@lists.freeswitch.org [mailto:freeswitch-dev-boun...@lists.freeswitch.org] On Behalf Of Trixter aka Bret McDanel Sent: 19 November 2009 13:44 To: freeswitch-dev@lists.freeswitch.org Subject: Re: [Freeswitch-dev] OPTIONS On Thu, 2009-11-19 at 13:23 +0000, Suneel Papineni wrote: > So is there anyway to instruct FS (through event sockets), not to > respond to OPTIONS message received from the GW. I would think that adding code to do that would cause some breakage. The better solution would be to have a trigger on your gateway to tell it to fail all calls over. If you did an ACL or packet filter or anything else, important messages may be lost. The exception would be if it does OPTIONS to a different port and you block that port only, so normal sip traffic goes through but the ping is stopped. This would be to a 2nd profile but the same instance of freeswitch, so it should work the same in terms of availability. You could modify sofia so that it could block this, but I do not think that it would be committed as a result you would have to maintain this out of tree. I could be wrong, it might get committed, but given that there are other solutions, and this one has some potential to create headaches for others I do not believe that it would. > -- Trixter http://www.0xdecafbad.com Bret McDanel pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721 _______________________________________________ FreeSWITCH-dev mailing list FreeSWITCH-dev@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev http://www.freeswitch.org ************************************************************************ * Please consider the environment before printing this e-mail ************************************************************************ * This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. http://www.mettoni.com Mettoni Ltd Registered in England and Wales: 4485956 9400 Garsington Road, Oxford Business Park, Oxford, OX4 2HN ************************************************************************ * _______________________________________________ FreeSWITCH-dev mailing list FreeSWITCH-dev@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev http://www.freeswitch.org -- Anthony Minessale II FreeSWITCH http://www.freeswitch.org/ ClueCon http://www.cluecon.com/ Twitter: http://twitter.com/FreeSWITCH_wire AIM: anthm MSN:anthony_miness...@hotmail.com <mailto:msn%3aanthony_miness...@hotmail.com> GTALK/JABBER/PAYPAL:anthony.miness...@gmail.com <mailto:paypal%3aanthony.miness...@gmail.com> IRC: irc.freenode.net #freeswitch FreeSWITCH Developer Conference sip:8...@conference.freeswitch.org <mailto:sip%3a...@conference.freeswitch.org> iax:gu...@conference.freeswitch.org/888 googletalk:conf+...@conference.freeswitch.org <mailto:googletalk%3aconf%2b...@conference.freeswitch.org> pstn:213-799-1400 ************************************************************************* Please consider the environment before printing this e-mail ************************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. http://www.mettoni.com Mettoni Ltd Registered in England and Wales: 4485956 9400 Garsington Road, Oxford Business Park, Oxford, OX4 2HN *************************************************************************
_______________________________________________ FreeSWITCH-dev mailing list FreeSWITCH-dev@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev http://www.freeswitch.org
