[OpenSIPS-Users] Filtering out RFC6263 traffic on Mediaproxy
Saul Ibarra Corretge
saul at ag-projects.com
Sat Nov 26 12:37:03 CET 2011
>>>
>>> The first option is sub-optimal, I don't want all our routers having a
>>> drop-this-packet "firewall" line for various reasons. The second
>>> option I've started to like more and more. There are two ways to resolve
>>> this:
>>> - I just make sure I add an iptables call somewhere in the startup script, or
>>> - I/We add an RFC6263 configuration option to Mediaproxy that does
>>> more or less the same
>>>
>>> The iptables call would drop all 0 length UDP messages sent to the
>>> mediaproxy ports.
>>>
>>> Am I wrong in my thinking?
>>>
>> Once the call is up (a single RTP packet was received from each endpoint) MediaProxy will set up a conntrack rule, and the Linux kernel will do the relaying. This means that MediaProxy itself cannot inspect the RTP packets at that point, because they are not traversing user-space code anymore.
> As far as I understood, what Andreas wants to do is to drop such packets from an iptables rule, not necessarily from the media relay software.
>
Yes, indeed. I was pointing out that option 2 (adding an RFC6263 config option to MediaProxy) is not feasible due to its architecture, but doing it with iptables is perfectly fine :-)
Regards,
--
Saúl Ibarra Corretgé
AG Projects
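
The iptables approach discussed in this thread, as an added example (not code from the thread or from MediaProxy): a shell helper that prints drop rules for UDP datagrams with an empty payload, using the `length` match. The port range `50000:60000` and the choice of the `raw` table's `PREROUTING` chain (so the match runs before connection tracking) are assumptions; substitute the relay's configured values.

```shell
#!/bin/sh
# Added example: print (not apply) rules that drop UDP datagrams with an
# empty payload sent to a relay port range.
# Assumptions, not from the thread: the port range 50000:60000, and the
# raw/PREROUTING hook, chosen so the match runs before connection tracking.

RELAY_PORTS="${RELAY_PORTS:-50000:60000}"   # placeholder range

# The length match counts the whole layer-3 packet, so an empty UDP
# datagram is header bytes only (no IP options / extension headers):
#   IPv4: 20 (IP) + 8 (UDP) = 28    IPv6: 40 (IP) + 8 (UDP) = 48
empty_udp_len() {
    case "$1" in
        4) echo 28 ;;
        6) echo 48 ;;
        *) echo "unknown IP version: $1" >&2; return 1 ;;
    esac
}

# Usage: empty_udp_rule <4|6> [port-range]
empty_udp_rule() {
    ver="$1"; ports="${2:-$RELAY_PORTS}"
    len=$(empty_udp_len "$ver") || return 1
    # Accept only digits and ':' so the printed command is safe to run.
    case "$ports" in
        *[!0-9:]*|"") echo "bad port range: $ports" >&2; return 1 ;;
    esac
    [ "$ver" = 4 ] && cmd=iptables || cmd=ip6tables
    echo "$cmd -t raw -A PREROUTING -p udp --dport $ports -m length --length $len -j DROP"
}

# Review the output, then run it as root from the startup script.
empty_udp_rule 4
empty_udp_rule 6
```

IPv4 packets carrying IP options, or IPv6 packets with extension headers, have longer headers and will not match these fixed lengths.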