diff --git a/res/res_pjsip_acl.c b/res/res_pjsip_acl.c
index c44704cf5c..7046cde5de 100644
--- a/res/res_pjsip_acl.c
+++ b/res/res_pjsip_acl.c
@@ -37,47 +37,77 @@
SIP ACL module
ACL
-
- The ACL module used by res_pjsip. This module is
+
+ The ACL module used by res_pjsip. This module is
independent of endpoints and operates on all inbound
SIP communication using res_pjsip.
- It should be noted that this module can also reference ACLs from
- acl.conf.
+ There are two main ways of defining your ACL with the options
+ provided. You can use the permit and deny options
+ which act on IP addresses, or the contactpermit
+ and contactdeny options which act on Contact header
+ addresses in incoming REGISTER requests. You can combine the various options to
+ create a mixed ACL.
- There are two main ways of creating an access list: IP-Domain
- and Contact Header. It is possible to create a combined ACL using
- both IP and Contact.
+ Additionally, instead of defining an ACL with options, you can reference IP or
+ Contact header ACLs from the file acl.conf by using the acl
+ or contactacl options.
Access Control List
- Name of IP ACL
+ List of IP ACL section names in acl.conf
- This matches sections configured in acl.conf
+ This matches sections configured in acl.conf. The value is
+ defined as a list of comma-delimited section names.
- Name of Contact ACL
+ List of Contact ACL section names in acl.conf
- This matches sections configured in acl.conf
+ This matches sections configured in acl.conf. The value is
+ defined as a list of comma-delimited section names.
- List of Contact Header addresses to Deny
+ List of Contact header addresses to deny
+
+ The value is a comma-delimited list of IP addresses. IP addresses may
+ have a subnet mask appended. The subnet mask may be written in either
+ CIDR or dotted-decimal notation. Separate the IP address and subnet
+ mask with a slash ('/')
+
- List of Contact Header addresses to Permit
+ List of Contact header addresses to permit
+
+ The value is a comma-delimited list of IP addresses. IP addresses may
+ have a subnet mask appended. The subnet mask may be written in either
+ CIDR or dotted-decimal notation. Separate the IP address and subnet
+ mask with a slash ('/')
+
- List of IP-domains to deny access from
+ List of IP addresses to deny access from
+
+ The value is a comma-delimited list of IP addresses. IP addresses may
+ have a subnet mask appended. The subnet mask may be written in either
+ CIDR or dotted-decimal notation. Separate the IP address and subnet
+ mask with a slash ('/')
+
- List of IP-domains to allow access from
+ List of IP addresses to permit access from
+
+ The value is a comma-delimited list of IP addresses. IP addresses may
+ have a subnet mask appended. The subnet mask may be written in either
+ CIDR or dotted-decimal notation. Separate the IP address and subnet
+ mask with a slash ('/')
+
- Must be of type 'security'.
+ Must be of type 'acl'.