Adjust Video and Streaming services.
parent
c097136b33
commit
1d2d6a6fae
@ -143,9 +143,15 @@ standard_unifi_udp_ctrl_out_ports="443,3478"
|
||||
# - outbound port 1936/TCP : outbound streaming over RTMP to LinkedIn
|
||||
# Live (port 1935 is also used for RTMP streaming to LinkedIn)
|
||||
#
|
||||
# - outbound port 6667/TCP : Twitch Live Chat
|
||||
#
|
||||
# - outbound port 10349 : outbound streaming vMix
|
||||
#
|
||||
# - outbound ports 2935/TCP and 2396/TCP : outbound streaming over
|
||||
# RTMPS to LinkedIn Live
|
||||
#
|
||||
# outbound ports 19302:19309 TCP : Google Hangout / Google Meet TCP streaming.
|
||||
#
|
||||
# - outbound port 443/TCP (HTTPS) : used for authentication with the
|
||||
# built-in providers such as YouTube Live, Facebook Live, Ustream,
|
||||
# Livestream, and Twitch
|
||||
@ -153,14 +159,21 @@ standard_unifi_udp_ctrl_out_ports="443,3478"
|
||||
# - outbound port 53/UDP (DNS) used for DNS lookups converting
|
||||
# hostnames to IP addresses
|
||||
#
|
||||
standard_outbound_streaming_tcp_ports="1935,1936,2935,2396"
|
||||
# - outbound ports 3478/TCP 19305:19307/TCP WebRTC for browserbased Encoding
|
||||
# (also used by Google Meet TCP streaming)
|
||||
#
|
||||
standard_outbound_streaming_tcp_ports="1935,1936,2935,2396,3478,6667,10349,19302:19309"
|
||||
|
||||
|
||||
# Outbound Streaming Ports UDP
|
||||
#
|
||||
# - outbound port 2088 UDP broadcasting from Mevo or the Livestream mobile app (iOS and Android).
|
||||
#
|
||||
standard_outbound_streaming_udp_ports="2088"
|
||||
# - outbound port 10349 : outbound streaming vMix
|
||||
#
|
||||
# - outbound ports 19302:19309 UDP : Google Hangout / Google Meet UDP streaming.
|
||||
#
|
||||
standard_outbound_streaming_udp_ports="2088,10349,19302:19309"
|
||||
|
||||
|
||||
# Echo360 Video Plattform
|
||||
@ -219,7 +232,23 @@ standard_jitsi_udp_port_range="10000:20000"
|
||||
|
||||
# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
|
||||
# -
|
||||
standard_turn_service_ports="3478:3479,5349:5350"
|
||||
# - UDP/TCP 3478,5349 TURN listener port for UDP and TCP listeners (Default: 3478)
|
||||
# - TURN listener port for TLS and DTLS listeners (Default: 5349)
|
||||
# -
|
||||
# - UDP 49152:65535 For establishing p2p connection (i.e. Nextcloud 'talk' app):
|
||||
# -
|
||||
# - Each client will send the data through UDP to the other endpoint:
|
||||
# - if it's sending to a TURN server (to a relay candidate) it will send
|
||||
# - to a port between 49152-65535 (if it's sending directly to the other
|
||||
# - party it will send to any port in the 0-65535 range)
|
||||
# -
|
||||
# - --min-port Lower bound of the UDP port range for relay endpoints
|
||||
# - allocation. Default value is 49152, according to RFC 5766.
|
||||
# -
|
||||
# - --max-port Upper bound of the UDP port range for relay endpoints
|
||||
# - allocation. Default value is 65535, according to RFC 5766.
|
||||
# -
|
||||
standard_turn_service_ports="3478,5349"
|
||||
standard_turn_service_udp_ports="49152:65535"
|
||||
|
||||
# - alfaview - Video Conferencing Systems
|
||||
@ -230,6 +259,15 @@ standard_turn_service_udp_ports="49152:65535"
|
||||
standard_alfaview_service_tcp_ports="5380:5390"
|
||||
standard_alfaview_service_udp_ports="5380:5390"
|
||||
|
||||
# - Nextcloud talk App
|
||||
# -
|
||||
# - TCP/UDP 3478,3479,5349,5350
|
||||
# -
|
||||
# - UDP 49152:65535
|
||||
# -
|
||||
standard_nc_turn_ports="3478,3479,5349,5350"
|
||||
standard_nc_turn_udp_ports="49152:65535"
|
||||
|
||||
|
||||
# -------------
|
||||
# --- Predefined Ports
|
||||
|
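Review bot: `3478` is added to `standard_outbound_streaming_tcp_ports` although it is already in `standard_turn_service_ports`, and the firewall sections of this commit apply the Turn/Stun rules whenever `allow_outbound_streaming` is true, so 3478/TCP ends up matched by two overlapping ACCEPT rules. Leaving it out of the streaming list keeps one owner per port: `standard_outbound_streaming_tcp_ports="1935,1936,2935,2396,6667,10349,19302:19309"`. The comment for port 10349 names no protocol while the port is added to both the TCP and the UDP list; `# - outbound port 10349 TCP/UDP : outbound streaming vMix` would match what is configured. The WebRTC comment mentions `19305:19307/TCP`, but the value opens `19302:19309`, so the comment should say which range is actually intended.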
@ -980,8 +980,8 @@ local_nc_turn_service=""
|
||||
# -
|
||||
# - comma separated list
|
||||
# -
|
||||
nc_turn_ports="$standard_turn_service_ports"
|
||||
nc_turn_udp_ports="$standard_turn_service_udp_ports"
|
||||
nc_turn_ports="$standard_nc_turn_ports"
|
||||
nc_turn_udp_ports="$standard_nc_turn_udp_ports"
|
||||
|
||||
|
||||
# ======
|
||||
|
@ -956,8 +956,8 @@ local_nc_turn_service=""
|
||||
# -
|
||||
# - comma separated list
|
||||
# -
|
||||
nc_turn_ports="$standard_turn_service_ports"
|
||||
nc_turn_udp_ports="$standard_turn_service_udp_ports"
|
||||
nc_turn_ports="$standard_nc_turn_ports"
|
||||
nc_turn_udp_ports="$standard_nc_turn_udp_ports"
|
||||
|
||||
|
||||
# ======
|
||||
|
@ -578,6 +578,23 @@ for _port in $ldap_tcp_ports ; do
|
||||
ldap_tcp_port_arr+=("$_port")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Turn/Stun Ports
|
||||
# ---
|
||||
declare -a standard_turn_service_port_arr
|
||||
CUR_IFS="$IFS"
|
||||
IFS=',' ; for _port in $standard_turn_service_ports ; do
|
||||
standard_turn_service_port_arr+=("$_port")
|
||||
done
|
||||
IFS="$CUR_IFS"
|
||||
|
||||
declare -a standard_turn_service_udp_port_arr
|
||||
CUR_IFS="$IFS"
|
||||
IFS=',' ; for _port in $standard_turn_service_udp_ports ; do
|
||||
standard_turn_service_udp_port_arr+=("$_port")
|
||||
done
|
||||
IFS="$CUR_IFS"
|
||||
|
||||
|
||||
# ---
|
||||
# - BigBlueButton Video Conference - adjust 'bigbluebutton_tcp_ports'
|
||||
@ -623,6 +640,48 @@ done
|
||||
IFS="$CUR_IFS"
|
||||
|
||||
|
||||
# ---
|
||||
# - Nextcloud 'talk' app
|
||||
# ---
|
||||
declare -a nc_turn_port_arr
|
||||
CUR_IFS="$IFS"
|
||||
_tmp_ports="$nc_turn_ports"
|
||||
nc_turn_ports=""
|
||||
declare -i count=0
|
||||
IFS=',' ; for _port in $_tmp_ports ; do
|
||||
if containsElement "${_port}" "${standard_turn_service_port_arr[@]}" ; then
|
||||
continue
|
||||
fi
|
||||
if [[ $count -eq 0 ]]; then
|
||||
nc_turn_ports="$_port"
|
||||
else
|
||||
nc_turn_ports="${nc_turn_ports},${_port}"
|
||||
fi
|
||||
((count++))
|
||||
done
|
||||
IFS="$CUR_IFS"
|
||||
|
||||
declare -a nc_turn_udp_port_arr
|
||||
CUR_IFS="$IFS"
|
||||
_tmp_udp_ports="$nc_turn_udp_ports"
|
||||
nc_turn_udp_ports=""
|
||||
declare -i count=0
|
||||
IFS=',' ; for _port in $_tmp_udp_ports ; do
|
||||
if containsElement "${_port}" "${standard_turn_service_udp_port_arr[@]}" ; then
|
||||
continue
|
||||
fi
|
||||
if [[ $count -eq 0 ]]; then
|
||||
nc_turn_udp_ports="$_port"
|
||||
else
|
||||
nc_turn_udp_ports="${nc_turn_udp_ports},${_port}"
|
||||
fi
|
||||
((count++))
|
||||
done
|
||||
IFS="$CUR_IFS"
|
||||
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - IPMI
|
||||
# ---
|
||||
|
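Review bot: `nc_turn_port_arr` and `nc_turn_udp_port_arr` are declared in the Nextcloud 'talk' block, but nothing in this hunk appends to them; the loops only rebuild the comma-separated strings `nc_turn_ports` and `nc_turn_udp_ports`. Either drop the two `declare -a` lines or fill the arrays, so a later reader does not assume they hold the filtered ports. With the defaults shown in this commit the UDP list filters down to an empty string, which deserves a comment such as `# may end up empty when every port is already covered by the Turn/Stun service rules`. `((count++))` returns a non-zero status on the first pass because count is 0; that only matters if the script runs under `set -e` or an ERR trap, which is not visible here, and `count=$((count + 1))` avoids the question.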
@ -2985,6 +2985,95 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Outbound Streaming
|
||||
# ---
|
||||
|
||||
echononl "\t\tOutbound Streaming (most providers)"
|
||||
|
||||
if $allow_outbound_streaming ; then
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
|
||||
$ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_outbound_streaming_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $standard_outbound_streaming_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
|
||||
|
||||
$ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_outbound_streaming_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $standard_outbound_streaming_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
fi
|
||||
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
# ---
|
||||
# - Turn/Stun Service
|
||||
# ---
|
||||
|
||||
echononl "\t\tTurn/Stun Service"
|
||||
|
||||
if $allow_outbound_streaming \
|
||||
|| $allow_echo360_video_streaming \
|
||||
|| $allow_bigbluebutton_video_conference_out \
|
||||
|| $allow_webex_video_conference_out \
|
||||
|| $allow_zoom_video_conference_out \
|
||||
|| $allow_jitsi_video_conference_out \
|
||||
|| $allow_alfaview_video_conference_out \
|
||||
|| $allow_nc_talk_out ; then
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
for _port in ${standard_turn_service_port_arr[@]} ; do
|
||||
|
||||
$ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
|
||||
$ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
|
||||
done
|
||||
for _port in ${standard_turn_service_udp_port_arr[@]} ; do
|
||||
|
||||
$ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
|
||||
$ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
done
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Echo360 Video Plattform
|
||||
# ---
|
||||
|
||||
echononl "\t\tEcho360 Video Plattform out only"
|
||||
|
||||
if $allow_echo360_video_streaming ; then
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $standard_echo360_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
|
||||
$ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $standard_echo360_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - BigBlueButton Video Conference Service out only
|
||||
# ---
|
||||
@ -3151,21 +3240,28 @@ fi
|
||||
|
||||
|
||||
# ---
|
||||
# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
|
||||
# - Nextcloud 'talk' App
|
||||
# ---
|
||||
|
||||
echononl "\t\tTURN Server (Stun Server) (for Nextcloud 'talk' app)out only"
|
||||
echononl "\t\tNextcloud 'talk' App"
|
||||
|
||||
if $allow_nc_talk_out ; then
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
$ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $nc_turn_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if [[ -n "$nc_turn_ports" ]] ; then
|
||||
$ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
if [[ -n "$nc_turn_udp_ports" ]] ; then
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $nc_turn_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
|
||||
$ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $nc_turn_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
if [[ -n "$nc_turn_ports" ]] ; then
|
||||
$ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
if [[ -n "$nc_turn_udp_ports" ]] ; then
|
||||
$ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $nc_turn_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
fi
|
||||
|
||||
done
|
||||
|
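Review bot: The first FORWARD guard in the Turn/Stun block tests `$kernel_activate_forwarding`, while every other guard in this `$ip6t` section, including the UDP loop of the same block, tests `$kernel_forward_between_interfaces`. It looks copied from the `$ipt` script. If that variable is not set in this script, the unquoted expansion leaves an empty command that succeeds, so the FORWARD rules for the TURN ports would be appended whenever `permit_local_net_to_inet` is false, regardless of the forwarding setting. Suggested line: `if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then`. The `for` loop and `if $allow_nc_talk_out` in the second hunk continue past the end of the hunk.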
@ -3731,6 +3731,97 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Outbound Streaming
|
||||
# ---
|
||||
|
||||
echononl "\t\tOutbound Streaming (most providers)"
|
||||
|
||||
if $allow_outbound_streaming ; then
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
|
||||
$ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_outbound_streaming_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A OUTPUT -o $_dev -p udp -m multiport --dports $standard_outbound_streaming_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
|
||||
|
||||
$ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_outbound_streaming_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A FORWARD -o $_dev -p udp -m multiport --dports $standard_outbound_streaming_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
fi
|
||||
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Turn/Stun Service
|
||||
# ---
|
||||
|
||||
echononl "\t\tTurn/Stun Service"
|
||||
|
||||
if $allow_outbound_streaming \
|
||||
|| $allow_echo360_video_streaming \
|
||||
|| $allow_bigbluebutton_video_conference_out \
|
||||
|| $allow_webex_video_conference_out \
|
||||
|| $allow_zoom_video_conference_out \
|
||||
|| $allow_jitsi_video_conference_out \
|
||||
|| $allow_alfaview_video_conference_out \
|
||||
|| $allow_nc_talk_out ; then
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
for _port in ${standard_turn_service_port_arr[@]} ; do
|
||||
|
||||
$ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
|
||||
$ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
|
||||
done
|
||||
for _port in ${standard_turn_service_udp_port_arr[@]} ; do
|
||||
|
||||
$ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
|
||||
$ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
done
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Echo360 Video Plattform
|
||||
# ---
|
||||
|
||||
echononl "\t\tEcho360 Video Plattform out only"
|
||||
|
||||
if $allow_echo360_video_streaming ; then
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
|
||||
$ipt -A OUTPUT -o $_dev -p udp -m multiport --dports $standard_echo360_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
|
||||
$ipt -A FORWARD -o $_dev -p udp -m multiport --dports $standard_echo360_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - BigBlueButton Video Conference Service out only
|
||||
# ---
|
||||
@ -3894,21 +3985,29 @@ fi
|
||||
|
||||
|
||||
# ---
|
||||
# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
|
||||
# - Nextcloud 'talk' App
|
||||
# ---
|
||||
|
||||
echononl "\t\tTURN Server (Stun Server) (for Nextcloud 'talk' app)out only"
|
||||
echononl "\t\tNextcloud 'talk' App"
|
||||
|
||||
if $allow_nc_talk_out ; then
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
$ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A OUTPUT -o $_dev -p udp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A OUTPUT -o $_dev -p udp -m multiport --dports $nc_turn_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
if [[ -n "$nc_turn_ports" ]] ; then
|
||||
$ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A OUTPUT -o $_dev -p udp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
if [[ -n "$nc_turn_udp_ports" ]] ; then
|
||||
$ipt -A OUTPUT -o $_dev -p udp -m multiport --dports $nc_turn_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
|
||||
if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
|
||||
$ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A FORWARD -o $_dev -p udp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A FORWARD -o $_dev -p udp -m multiport --dports $nc_turn_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
if [[ -n "$nc_turn_ports" ]] ; then
|
||||
$ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A FORWARD -o $_dev -p udp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
if [[ -n "$nc_turn_udp_ports" ]] ; then
|
||||
$ipt -A FORWARD -o $_dev -p udp -m multiport --dports $nc_turn_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
fi
|
||||
|
||||
done
|
||||
|
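Review bot: The Turn/Stun block appends a `-p udp --dport` ACCEPT for every entry of `standard_turn_service_udp_port_arr` (by default `49152:65535`) with no destination restriction, and it does so as soon as any one of the eight `allow_*` flags is true. Enabling only `allow_echo360_video_streaming`, for example, therefore also permits new outbound UDP to the whole relay range on any host, which is a much wider egress policy than that flag's name suggests. At minimum this should be documented above the condition, e.g. `# NOTE: opens UDP 49152:65535 to any destination once any flag below is set`. Consider a dedicated switch for the relay range so it can stay closed when no TURN relay is needed. The same block in the `$ip6t` section has the same behaviour.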