diff --git a/conf/turnserver.conf b/conf/turnserver.conf
index 35ee0ae..e665a57 100644
--- a/conf/turnserver.conf
+++ b/conf/turnserver.conf
@@ -13,15 +13,16 @@ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
 pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
 dh-file=/etc/ssl/private/dh2048.pem
+# Block clear communication
+no-udp
+no-tcp
+
+# Block old protocols
 no-sslv2
 no-sslv3
 no-tlsv1
 no-tlsv1_1
-no-multicast-peers
-
-no-cli
-
 log-file=/var/log/matrix-__APP__/turnserver.log
 pidfile=/run/coturn-__APP__/turnserver.pid
 simple-log
@@ -30,6 +31,12 @@ simple-log
 user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
 total-quota=1200
+# recommended additional local peers to block, to mitigate external access to internal services.
+# https://www.rtcsec.com/article/slack-webrtc-turn-compromise-and-bug-bounty/#how-to-fix-an-open-turn-relay-to-address-this-vulnerability
+no-multicast-peers
+denied-peer-ip=0.0.0.0-0.255.255.255
+denied-peer-ip=127.0.0.0-127.255.255.255
+
 # Max time 12h
 max-allocate-lifetime=43200
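Review bot: The first hunk silently drops `no-cli` and nothing in this diff re-adds it, so the coturn administrative CLI (documented in coturn's sample config as a loopback telnet listener on port 5766 by default) is presumably re-enabled as a side effect of a change labelled "Block clear communication". If that is intended, the CLI needs a `cli-password=` line (coturn's docs recommend the hashed form produced by `turnadmin -P`); otherwise keep `no-cli` next to the new `no-udp`/`no-tcp` lines. The comment above `no-udp`/`no-tcp` should also say what they do and do not cover, since they only remove the plaintext listener transports — relayed peer traffic remains plain UDP and clients must now be handed `turns:` URIs rather than `turn:` ones — e.g. `# Only TLS/DTLS listeners; clients must use turns: URIs (relay legs stay UDP)`.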