From 20910ed00b7012635a25fcf603fd5dfb62c0ffdb Mon Sep 17 00:00:00 2001 From: Mayeul Cantan Date: Wed, 19 Oct 2022 11:53:52 +0200 Subject: [PATCH] turnserver.conf: remove no-loopback-peers See https://github.com/coturn/coturn/commit/8a60754d709cd34936f73e4f71a618e38f81e045 Option removed in 4.5.2. This was a sane default before, but now coturn complains on startup that this option is invalid: > Bad configuration format: no-loopback-peers See also: cve-2020-26262 https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/ https://www.mageni.net/vulnerability/coturn-452-loopback-bypass-vulnerability-145204 --- conf/turnserver.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/conf/turnserver.conf b/conf/turnserver.conf index f25071c..4d4494a 100644 --- a/conf/turnserver.conf +++ b/conf/turnserver.conf @@ -18,7 +18,6 @@ no-sslv3 no-tlsv1 no-tlsv1_1 -no-loopback-peers no-multicast-peers no-cli
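Review bot: Removing `no-loopback-peers` in the `@@ -18,7 +18,6 @@` hunk of conf/turnserver.conf leaves nothing in the visible config that records which coturn version the file now expects. The commit message says the option was removed in 4.5.2, so this config is only right for 4.5.2 or later; on an older coturn the deletion would silently drop the loopback-peer restriction that the line provided. Suggest stating the minimum coturn version, either as a comment where the line used to be or as a version constraint in the packaging. Since the commit message links CVE-2020-26262, also confirm that the version you require carries that fix.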