Add no-multicast-peers to Coturn config by default

Part of a security hardening provoked by:
https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
This commit is contained in:
Slavi Pantaleev 2023-01-26 17:04:04 +02:00
parent 803d5c129e
commit 4c9f96722f
2 changed files with 7 additions and 0 deletions

View file

@ -73,6 +73,9 @@ matrix_coturn_denied_peer_ips: []
matrix_coturn_user_quota: null matrix_coturn_user_quota: null
matrix_coturn_total_quota: null matrix_coturn_total_quota: null
# Controls whether `no-multicast-peers` is added to the configuration
matrix_coturn_no_multicast_peers_enabled: true
# To enable TLS, you need to provide paths to certificates. # To enable TLS, you need to provide paths to certificates.
# Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths. # Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths.
# Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`. # Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`.

View file

@ -39,6 +39,10 @@ user-quota={{ matrix_coturn_user_quota }}
total-quota={{ matrix_coturn_total_quota }} total-quota={{ matrix_coturn_total_quota }}
{% endif %} {% endif %}
{% if matrix_coturn_no_multicast_peers_enabled %}
no-multicast-peers
{% endif %}
{% for ip_range in matrix_coturn_denied_peer_ips %} {% for ip_range in matrix_coturn_denied_peer_ips %}
denied-peer-ip={{ ip_range }} denied-peer-ip={{ ip_range }}
{% endfor %} {% endfor %}