Add no-multicast-peers to Coturn config by default
Part of a security-hardening effort prompted by: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
parent
803d5c129e
commit
4c9f96722f
|
@ -73,6 +73,9 @@ matrix_coturn_denied_peer_ips: []
|
||||||
matrix_coturn_user_quota: null
|
matrix_coturn_user_quota: null
|
||||||
matrix_coturn_total_quota: null
|
matrix_coturn_total_quota: null
|
||||||
|
|
||||||
|
# Controls whether `no-multicast-peers` is added to the configuration
|
||||||
|
matrix_coturn_no_multicast_peers_enabled: true
|
||||||
|
|
||||||
# To enable TLS, you need to provide paths to certificates.
|
# To enable TLS, you need to provide paths to certificates.
|
||||||
# Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths.
|
# Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths.
|
||||||
# Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`.
|
# Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`.
|
||||||
|
|
|
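Review bot: The default `matrix_coturn_denied_peer_ips: []` shown in this hunk's header stays empty, so with this change alone only multicast peer addresses are refused by default. The linked article concerns a bypass of Coturn's peer access control, which `no-multicast-peers` on its own likely does not cover. Unless another commit in this hardening series already does so, consider shipping a default deny list for loopback, private and link-local ranges as well. The new comment could also say what the option does and when to turn it off, e.g. `# Refuse to relay to multicast peer addresses (adds no-multicast-peers). Keep enabled unless multicast relaying is required.`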
@ -39,6 +39,10 @@ user-quota={{ matrix_coturn_user_quota }}
|
||||||
total-quota={{ matrix_coturn_total_quota }}
|
total-quota={{ matrix_coturn_total_quota }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if matrix_coturn_no_multicast_peers_enabled %}
|
||||||
|
no-multicast-peers
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% for ip_range in matrix_coturn_denied_peer_ips %}
|
{% for ip_range in matrix_coturn_denied_peer_ips %}
|
||||||
denied-peer-ip={{ ip_range }}
|
denied-peer-ip={{ ip_range }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
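Review bot: The `{% if matrix_coturn_no_multicast_peers_enabled %}` test treats any non-empty string as true, so a value that arrives as a string (for example `false` passed through key=value extra vars) would still emit `no-multicast-peers`. That fails towards the hardened setting, but the toggle then cannot be switched off as the operator intended. Writing it as `{% if matrix_coturn_no_multicast_peers_enabled | bool %}` makes the behaviour explicit. Only part of the template is visible here, so check whether it already follows a convention for boolean toggles.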