diff --git a/conf/default_ports.conf b/conf/default_ports.conf index 49dfcf5..db1c97f 100644 --- a/conf/default_ports.conf +++ b/conf/default_ports.conf @@ -49,6 +49,10 @@ standard_ipsec_nat_t=4500 standard_http_ports="80,443" standard_mailuser_ports="587,465,110,995,143,993" +# - Jitsi Video Conference Service +# - +standard_jitsi_tcp_ports="$standard_http_ports" +standard_jitsi_udp_port_range="10000:20000" # ------------- # --- Predefined Ports diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample index 29df1e2..e8caf12 100644 --- a/conf/main_ipv4.conf.sample +++ b/conf/main_ipv4.conf.sample @@ -800,6 +800,27 @@ snmp_trap_port="$standard_snmp_trap_port" mumble_ports="64738" +# ====== +# - Jitsi Video Conference Service +# ====== + +# - Jitsi Video Conference Service Gateway +# - +# - NOT YET IMPLEMENTED +# - +local_jitsi_video_conference_service=false + +# - Jitsi Video Conference Service Ports +# - +# - TCP 80: Webinterface. +# - TCP 443: Webinterface (SSL) +# - +# - UDP 10000-20000: Virtual Media for Remote Console +# - +jitsi_tcp_ports="$standard_http_ports" +jitsi_udp_ports="10000:20000" + + # ====== # - XyMon Service # ====== @@ -1257,7 +1278,8 @@ allow_irc_request_out=true allow_mysql_request_out=true allow_ipmi_request_out=true allow_remote_console_request_out=true -allow_mumble_out=true +allow_mumble_request_out=true +allow_jitsi_video_conference_out=true allow_samba_requests_out=true diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample index e14bcbe..6c66593 100644 --- a/conf/main_ipv6.conf.sample +++ b/conf/main_ipv6.conf.sample 
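Review bot: The two samples give the same setting different names: the `@@ -800,6 +800,27 @@` hunk of conf/main_ipv4.conf.sample adds `jitsi_udp_ports="10000:20000"`, while the matching hunk in conf/main_ipv6.conf.sample adds `jitsi_udp_port_range="10000:20000"`. Both also repeat the literal range instead of referencing `$standard_jitsi_udp_port_range` from conf/default_ports.conf, although `jitsi_tcp_ports` on the line above does reference `$standard_http_ports`. I would use one name in both files and derive it from the default, `jitsi_udp_port_range="$standard_jitsi_udp_port_range"`, so the range is defined in a single place.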
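Review bot: Both switches in the `@@ -1257,7 +1278,8 @@` hunk exist only in the sample, so a main_ipv4.conf written before this commit defines neither `allow_mumble_request_out` nor `allow_jitsi_video_conference_out`. The new script blocks test the flag as `if $allow_jitsi_video_conference_out ; then`, and in bash an unset variable in that position expands to an empty command that returns success, so on such a host the Jitsi egress rules would be added unless a default is set somewhere outside this diff. The mumble rule code is not part of this diff, so which of the two mumble names the scripts read cannot be checked here; the rename should land together with that code. The same two lines are in the conf/main_ipv6.conf.sample hunk. I would make the test fail closed, `if ${allow_jitsi_video_conference_out:-false} ; then`.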
@@ -769,6 +769,32 @@ snmp_trap_port="$standard_snmp_trap_port" mumble_ports="64738" +# ====== +# - Jitsi Video Conference Service +# ====== + +# - Jitsi Video Conference Service Gateway +# - +# - NOT YET IMPLEMENTED +# - +local_jitsi_video_conference_service=false + + +# - Jitsi Video Conference Service only out +# - +# - Ports: +# - +# - TCP 80: Webinterface. +# - TCP 443: Webinterface (SSL) +# - +# - UDP 10000-20000: Virtual Media for Remote Console +# - +# - comma separated list +# - +jitsi_tcp_ports="$standard_http_ports" +jitsi_udp_port_range="10000:20000" + + # ====== # - XyMon Service # ====== @@ -1195,7 +1221,8 @@ allow_irc_request_out=true allow_mysql_request_out=true allow_ipmi_request_out=true allow_remote_console_request_out=true -allow_mumble_out=true +allow_mumble_request_out=true +allow_jitsi_video_conference_out=true allow_samba_requests_out=true diff --git a/ip6t-firewall-gateway b/ip6t-firewall-gateway index 9c4720f..40c65b2 100755 --- a/ip6t-firewall-gateway +++ b/ip6t-firewall-gateway 
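Review bot: The port comment in the `@@ -769,6 +769,32 @@` hunk describes the UDP range as `Virtual Media for Remote Console`, which reads as copied from the remote-console section and does not describe Jitsi; the same line is in the conf/main_ipv4.conf.sample hunk. The `comma separated list` remark also sits directly above a colon range. I would write something like `# - UDP 10000-20000: Jitsi media (audio/video) traffic` (presumably what the range is for) and state that `jitsi_tcp_ports` takes a comma-separated list while `jitsi_udp_port_range` takes a single `first:last` range, since both values are passed to `--dports`.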
@@ -2858,6 +2858,40 @@ else fi +# --- +# - Jitsi Video Conference Service out only +# --- + +echononl "\t\tJitsi Video Conference Service out only" + +if $allow_jitsi_video_conference_out ; then + for _dev in ${ext_if_arr[@]} ; do + + $ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT + if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then + $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT + fi + + if [[ "$standard_jitsi_tcp_ports" != "$standard_http_ports" ]] ; then + $ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_jitsi_tcp_ports -m conntrack --ctstate NEW -j ACCEPT + fi + $ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $standard_jitsi_udp_port_range -m conntrack --ctstate NEW -j ACCEPT + + + if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then + if [[ "$standard_jitsi_tcp_ports" != "$standard_http_ports" ]] ; then + $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_jitsi_tcp_ports -m conntrack --ctstate NEW -j ACCEPT + fi + $ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $standard_jitsi_udp_port_range -m conntrack --ctstate NEW -j ACCEPT + fi + + done + echo_done +else + echo_skipped +fi + + # --- # - PGP Keyserver out only # --- diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway index 10bcf40..f18e2d1 100755 --- a/ipt-firewall-gateway +++ b/ipt-firewall-gateway 
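Review bot: The second FORWARD guard in this block tests `$kernel_forward_between_interfaces`, while the first guard a few lines above it, and both guards in the ipt-firewall-gateway copy of this block, test `$kernel_activate_forwarding`. If one of the two names is not set in the IPv6 configuration, the unquoted `if $var && ! $permit_local_net_to_inet` form expands to an empty command that succeeds, and the FORWARD ACCEPT rules would then depend only on `permit_local_net_to_inet`, not on whether forwarding is enabled. Which name the rest of ip6t-firewall-gateway uses is not visible in this hunk; both guards should use that one, and the two FORWARD blocks could then be merged under a single `if`.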
@@ -3568,6 +3568,40 @@ else fi +# --- +# - Jitsi Video Conference Service out only +# --- + +echononl "\t\tJitsi Video Conference Service out only" + +if $allow_jitsi_video_conference_out ; then + for _dev in ${ext_if_arr[@]} ; do + + $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT + if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then + $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT + fi + + if [[ "$standard_jitsi_tcp_ports" != "$standard_http_ports" ]] ; then + $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_jitsi_tcp_ports -m conntrack --ctstate NEW -j ACCEPT + fi + $ipt -A OUTPUT -o $_dev -p udp -m multiport --dports $standard_jitsi_udp_port_range -m conntrack --ctstate NEW -j ACCEPT + + + if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then + if [[ "$standard_jitsi_tcp_ports" != "$standard_http_ports" ]] ; then + $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_jitsi_tcp_ports -m conntrack --ctstate NEW -j ACCEPT + fi + $ipt -A FORWARD -o $_dev -p udp -m multiport --dports $standard_jitsi_udp_port_range -m conntrack --ctstate NEW -j ACCEPT + fi + + done + echo_done +else + echo_skipped +fi + + # --- # - PGP Keyserver out only # ---
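Review bot: The rules take their ports from `$standard_http_ports`, `$standard_jitsi_tcp_ports` and `$standard_jitsi_udp_port_range`, so the `jitsi_tcp_ports` and `jitsi_udp_ports` settings this commit adds to conf/main_ipv4.conf.sample are not read by anything in this diff. An operator who narrows the UDP range in the host configuration would still get ACCEPT rules for the full default range. The ip6t-firewall-gateway hunk has the same issue with `jitsi_udp_port_range`. I would reference the per-host settings instead, e.g. `--dports $jitsi_udp_ports` in the UDP rules and `--dports $jitsi_tcp_ports` in the TCP rules. The first rule also accepts new TCP connections to `$standard_http_ports` for any destination, in FORWARD as well, which is broader than a Jitsi-only switch suggests if HTTP egress is meant to be controlled by its own setting.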