Adjust Video and Streaming services.
This commit is contained in:
@ -2985,6 +2985,95 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Outbound Streaming
|
||||
# ---
|
||||
|
||||
echononl "\t\tOutbound Streaming (most providers)"
|
||||
|
||||
if $allow_outbound_streaming ; then
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
|
||||
$ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_outbound_streaming_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $standard_outbound_streaming_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
|
||||
|
||||
$ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_outbound_streaming_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $standard_outbound_streaming_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
fi
|
||||
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
# ---
|
||||
# - Turn/Stun Service
|
||||
# ---
|
||||
|
||||
echononl "\t\tTurn/Stun Service"
|
||||
|
||||
if $allow_outbound_streaming \
|
||||
|| $allow_echo360_video_streaming \
|
||||
|| $allow_bigbluebutton_video_conference_out \
|
||||
|| $allow_webex_video_conference_out \
|
||||
|| $allow_zoom_video_conference_out \
|
||||
|| $allow_jitsi_video_conference_out \
|
||||
|| $allow_alfaview_video_conference_out \
|
||||
|| $allow_nc_talk_out ; then
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
for _port in ${standard_turn_service_port_arr[@]} ; do
|
||||
|
||||
$ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
|
||||
$ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
|
||||
done
|
||||
for _port in ${standard_turn_service_udp_port_arr[@]} ; do
|
||||
|
||||
$ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
|
||||
$ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
done
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Echo360 Video Plattform
|
||||
# ---
|
||||
|
||||
echononl "\t\tEcho360 Video Plattform out only"
|
||||
|
||||
if $allow_echo360_video_streaming ; then
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $standard_echo360_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
|
||||
$ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $standard_echo360_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - BigBlueButton Video Conference Service out only
|
||||
# ---
|
||||
@ -3151,21 +3240,28 @@ fi
|
||||
|
||||
|
||||
# ---
|
||||
# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
|
||||
# - Nextcloud 'talk' App
|
||||
# ---
|
||||
|
||||
echononl "\t\tTURN Server (Stun Server) (for Nextcloud 'talk' app)out only"
|
||||
echononl "\t\tNextcloud 'talk' App"
|
||||
|
||||
if $allow_nc_talk_out ; then
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
$ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $nc_turn_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if [[ -n "$nc_turn_ports" ]] ; then
|
||||
$ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
if [[ -n "$nc_turn_udp_ports" ]] ; then
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $nc_turn_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
|
||||
$ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $nc_turn_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
if [[ -n "$nc_turn_ports" ]] ; then
|
||||
$ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $nc_turn_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
if [[ -n "$nc_turn_udp_ports" ]] ; then
|
||||
$ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $nc_turn_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
Reference in New Issue
Block a user