[OpenSIPS-Users] Filtering out RFC6263 traffic on Mediaproxy

Andreas Sikkema h323 at ramdyne.nl
Sat Nov 26 15:58:04 CET 2011


Saul,

>>> Once the call is up (a single RTP packet was received from each endpoint) MediaProxy will setup a conntrack rule, and the Linux kernel will do the relaying. This means that MediaProxy itself cannot inspect the RTP packets at that point, because they are not traversing user-space code anymore.
>> As far as understood, what Andreas wants to do is to drop such packages from iptables rule, not necessarily from media relay software.
>>
> 
> Yes, indeed. I was pointing out that option 2 (adding RFC6263 config option to MediaProxy) is not feasible due to its architecture, but doing it with iptables is perfectly fine :-)

What I was trying to suggest was adding a config option to the
mediaproxy configuration file and have its startup scripts creating the
appropriate iptables command. So when I change the mediaproxy
configuration the iptables command gets changed as well.

There's probably some danger of interference with an existing iptables
configuration, but who knows. I've never dived into whether one can add
and remove a specific rule from a configuration. I only know how to add
and how to flush them all ;-)

-- 
Andreas Sikkema



More information about the Users mailing list