@Nikos By the way, i think ip restriction on per- sendsms-user is lacking... *adds to wishlist* So it's also doubtful point to compare with ;-)
@Rene I'm +1 on ip restriction per user, anyway ;-) 2010/7/7 Nikos Balkanas <[email protected]> > Well, I mentioned that sendsms-user, the only other real SMS pushing > analogue is using authentication, without IP filters. Box connections, use > only filters without any authentication, and the only exception is HTTP > admin, which has some serious security issues. But these are not related to > SMS submission. You have to also account for dynamic IPs. > > You don't really need connections per user. These make sense for addresses > that change a lot (dynamic IPs) for services that require frequent > reconnections. These are business connections that stay on all the time, > without any chance for one user to reuse another's address. It would make > more sense to limit number of active sessions/user. > > I guess it doesn't hurt to implement. However, there are so many thngs to > do in smppbox, is that really a priority? > > > BR, > Nikos > ----- Original Message ----- From: "Rene Kluwen" <[email protected]> > To: "'Rene Kluwen'" <[email protected]>; "'Nikos Balkanas'" < > [email protected]>; "'ishagh ouldbah'" <[email protected]>; < > [email protected]> > Sent: Wednesday, July 07, 2010 3:59 AM > > Subject: RE: smpp restrict connection to a specific client > > > Also it will allow ip connections on a per-user level. >> Something that cannot be done with external firewall hardware or software. >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On >> Behalf >> Of Rene Kluwen >> Sent: woensdag 7 juli 2010 2:23 >> To: 'Nikos Balkanas'; 'ishagh ouldbah'; [email protected] >> Subject: RE: smpp restrict connection to a specific client >> >> I agree that this kind of stuff is better arranged by real firewall >> software. >> But in Kannel we have connect-allow-ip c.s. right? So I don't see it is >> contrary to Kannel philosophy. >> >> == Rene >> >> -----Original Message----- >> From: Nikos Balkanas [mailto:[email protected]] >> Sent: woensdag 7 juli 2010 1:56 >> To: Rene Kluwen; 'ishagh ouldbah'; [email protected] >> Subject: Re: smpp restrict connection to a specific client >> >> I wouldn't recommend it. It is contrary to kannel philosophy (vis a vis >> sendsms-user). Besides there is better external software for this and >> anyone >> >> concerned about that level of security, already has a dedicated firewall >> installed. >> >> BR, >> Nikos >> ----- Original Message ----- From: "Rene Kluwen" <[email protected]> >> To: "'Nikos Balkanas'" <[email protected]>; "'ishagh ouldbah'" >> <[email protected]>; <[email protected]> >> Sent: Wednesday, July 07, 2010 1:58 AM >> Subject: RE: smpp restrict connection to a specific client >> >> >> Of course it is possible to add an ip address or list of ip addresses in >>> smpplogins.txt. >>> But then again: Is anybody waiting for that? >>> >>> == Rene >>> >>> -----Original Message----- >>> From: Nikos Balkanas [mailto:[email protected]] >>> Sent: dinsdag 6 juli 2010 20:36 >>> To: Rene Kluwen; 'ishagh ouldbah'; [email protected] >>> Subject: Re: smpp restrict connection to a specific client >>> >>> Hi, >>> >>> All clients need to authenticate against smppbox to send SMPP. >>> >>> Otherwise any descent firewall should restrict network access. >>> >>> BR, >>> Nikos >>> ----- Original Message ----- From: Rene Kluwen >>> To: 'ishagh ouldbah' ; [email protected] >>> Sent: Tuesday, July 06, 2010 7:21 PM >>> Subject: RE: smpp restrict connection to a specific client >>> >>> >>> If you are talking about restricting source ip addresses, I use iptables >>> for >>> >>> that. >>> >>> == Rene >>> >>> From: [email protected] [mailto:[email protected]] On >>> Behalf >>> Of ishagh ouldbah >>> Sent: dinsdag 6 juli 2010 16:00 >>> To: [email protected] >>> Subject: smpp restrict connection to a specific client >>> >>> Hi all >>> I have this question regarding smppbox >>> can i allow conction to only clients that i want >>> Regards >>> >>> >>> >>> >>> >> >> >> >> >> >> > >
