FYI "Trusted" Providers

[dbaum]

As part of increased security I would like to eliminate the "Trusted Providers" included in the Whole Enchilada and other releases. I presume I have to manually edit out the section from /etc/sysconfig/iptables to do this.

Ward would you consider not including this section and use a script add-trusted-providers to add them. This would permit the Trusted Providers listing to be updated through update scripts made available during release life.

Thanks!

 

[wardmundy]

That's actually how it works in 13-13. There's a supplemental file with the providers in /usr/local/sbin/iptables-custom.

 

[mainenotarynet]

I don't know if I'm reading him wrong, but maybe he's saying the list is too long and wants only providers he uses (and that is also where the Update comes in (for him)

I also find that I don't need EVERY trusted provider (unless I decide to use them (I use voip.ms only but did sign up for Skyetel [2 of their 6 servers are constantly down though] but have no DID with them yet) porting all my numbers would cost as much as a month of my 2 main servers, but may eventually do that to keep the 'bad guys' out in thee other pieces I've been posting in lately -- The Open sip in the cloud and Kamailio, and the third part I can't remember. In one of hese you said it works where the provider doesn't use registrations -- well Voip.ms does and Skyetel does not.

What I would like to see is a comment at the end as to which provider is which, so that if not used, we comment the beginning of the line and then only active providers are used, but updating may cause an issue there as the entire list would be updated and what happens to the commented ones.

 

[wardmundy]

If the provider requires registration, then you probably don't need the whitelist entry at all. Make a backup of the file and take them out (except the ones such as Skyetel and Anveo Direct that don't use registration).