docker/mod/core/freeswitch/acl.conf.xml

51 lines
1.8 KiB
XML

<configuration name="acl.conf" description="Network Lists">
<network-lists>
<!--
These ACL's are automatically created on startup.
rfc1918.auto - RFC1918 Space
nat.auto - RFC1918 Excluding your local lan.
localnet.auto - ACL for your local lan.
loopback.auto - ACL for your local lan.
-->
<list name="lan" default="allow">
<node type="allow" cidr="127.0.0.1/32"/>
<node type="allow" cidr="10.130.218.147/32"/>
<node type="allow" cidr="10.0.0.0/8"/>
<node type="allow" cidr="192.168.0.0/16"/>
</list>
<!--
custom "loopback" so that traffic from docker
containers is also considered as local
-->
<list name="loopback.custom" default="deny">
<node type="allow" cidr="127.0.0.1/32"/>
<node type="allow" cidr="10.0.0.0/8"/>
<node type="allow" cidr="192.168.0.0/16"/>
<node type="allow" cidr="$${external_ip_v4}/32"/>
</list>
<list name="deny_private_v6" default="allow">
<node type="deny" cidr="0.0.0.0/0"/>
<node type="deny" cidr="fe80::/10"/>
<node type="deny" cidr="fc00::/7"/>
</list>
<!--
This will traverse the directory adding all users
with the cidr= tag to this ACL, when this ACL matches
the users variables and params apply as if they
digest authenticated.
-->
<list name="domains" default="allow">
<!-- domain= is special it scans the domain from the directory to build the ACL -->
<node type="allow" domain="$${domain}"/>
<node type="allow" domain="10.0.0.0/8"/>
<!-- use cidr= if you wish to allow ip ranges to this domains acl. -->
<!-- <node type="allow" cidr="192.168.0.0/24"/> -->
</list>
</network-lists>
</configuration>