Saul, >>> Once the call is up (a single RTP packet was received from each endpoint) >>> MediaProxy will setup a conntrack rule, and the Linux kernel will do the >>> relaying. This means that MediaProxy itself cannot inspect the RTP packets >>> at that point, because they are not traversing user-space code anymore. >> As far as understood, what Andreas wants to do is to drop such packages from >> iptables rule, not necessarily from media relay software. >> > > Yes, indeed. I was pointing out that option 2 (adding RFC6263 config option > to MediaProxy) is not feasible due to its architecture, but doing it with > iptables is perfectly fine :-)
What I was trying to suggest was adding a config option to the mediaproxy configuration file and have its startup scripts creating the appropriate iptables command. So when I change the mediaproxy configuration the iptables command gets changed as well. There's probably some danger of interference with an existing iptables configuration, but who knows. I've never dived into whether one can add and remove a specific rule from a configuration. I only know how to add and how to flush them all ;-) -- Andreas Sikkema _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
