From 5d8ef9a8f516f19f766f8a98726ebf4772ae2056 Mon Sep 17 00:00:00 2001 From: Christoph Date: Mon, 7 Jun 2021 11:31:30 +0200 Subject: [PATCH] Adjust BigBlueButton TCP Ports out. --- conf/default_ports.conf | 2 +- conf/post_decalrations.conf | 33 +++++++++++++++++++++++++++++++++ ip6t-firewall-gateway | 5 ++++- ipt-firewall-gateway | 4 +++- 4 files changed, 41 insertions(+), 3 deletions(-) diff --git a/conf/default_ports.conf b/conf/default_ports.conf index d60ff1e..938ff6c 100644 --- a/conf/default_ports.conf +++ b/conf/default_ports.conf @@ -137,7 +137,7 @@ standard_unifi_udp_ctrl_out_ports="443,3478" # - BigBlueButton Video Conference Service # - -standard_bigbluebutton_tcp_ports="$standard_http_ports" +standard_bigbluebutton_tcp_ports="$standard_http_ports,5066,7443" standard_bigbluebutton_udp_port_range="16384:32768" # - Webex Meeting diff --git a/conf/post_decalrations.conf b/conf/post_decalrations.conf index 3de7975..682df16 100644 --- a/conf/post_decalrations.conf +++ b/conf/post_decalrations.conf @@ -5,6 +5,18 @@ # --- Define Arrays # ----------- + +# --- +# - Standard http ports +# --- +declare -a standard_http_port_arr +CUR_IFS="$IFS" +IFS=',' ; for _port in $standard_http_ports ; do + standard_http_port_arr+=("${_port}") +done +IFS="$CUR_IFS" + + # --- # - Masquerade TCP Connections # --- @@ -566,6 +578,27 @@ for _port in $ldap_tcp_ports ; do ldap_tcp_port_arr+=("$_port") done +# --- +# - BigBlueButton Video Conference - adjust 'bigbluebutton_tcp_ports' +# --- +declare -a bigbluebutton_tcp_port_arr +CUR_IFS="$IFS" +_tmp_tcp_ports="$bigbluebutton_tcp_ports" +bigbluebutton_tcp_ports="" +declare -i count=0 +IFS=',' ; for _port in $_tmp_tcp_ports ; do + if containsElement "${_port}" "${standard_http_port_arr[@]}" ; then + continue + fi + if [[ $count -eq 0 ]]; then + bigbluebutton_tcp_ports="$_port" + else + bigbluebutton_tcp_ports="${bigbluebutton_tcp_ports},${_port}" + fi + ((count++)) +done +IFS="$CUR_IFS" + # --- # - IPMI # --- 
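Review bot: The new default `standard_bigbluebutton_tcp_ports="$standard_http_ports,5066,7443"` in conf/default_ports.conf adds two ports without saying what they are for; the comment block above it still names only the service. A one-line comment such as `# 5066/7443: presumably BigBlueButton WebSocket signalling (ws/wss) - confirm against the deployed BBB version` would let an auditor judge whether both are still needed. Because this is a shipped default, every site that enables the BigBlueButton outbound switch inherits the wider egress, so it is worth confirming that 5066 is required in addition to 7443.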
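Review bot: In the new `standard_http_port_arr` loop of conf/post_decalrations.conf, the list is split by setting the global `IFS=','` and restoring it from `CUR_IFS` afterwards. The unquoted `$standard_http_ports` is still subject to pathname expansion, and an entry written as `80, 443` keeps its leading blank. Scoping the separator to a single command avoids all three: `IFS=', ' read -r -a standard_http_port_arr <<< "$standard_http_ports"`. The same save/restore pattern is repeated in the BigBlueButton hunk further down this file, where a stray blank would make the `containsElement` comparison miss the port and leave a standard HTTP port in the filtered list.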
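Review bot: `declare -a bigbluebutton_tcp_port_arr` is declared in the BigBlueButton block, but nothing in this hunk appends to it, unlike the `ldap_tcp_port_arr` loop just above. Either add `bigbluebutton_tcp_port_arr+=("$_port")` after the `continue` guard or drop the declaration. The entries also reach `--dports` in the firewall scripts unchecked, so a typo in the configured list only surfaces when iptables rejects the rule; a guard such as `[[ $_port =~ ^[0-9]+(:[0-9]+)?$ ]] || continue`, ideally with a warning, keeps malformed values out. `containsElement` is not defined in the visible lines, so this assumes it is already available when this file is sourced. The `count` variable can go if the join is written as `bigbluebutton_tcp_ports="${bigbluebutton_tcp_ports:+${bigbluebutton_tcp_ports},}${_port}"`.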
diff --git a/ip6t-firewall-gateway b/ip6t-firewall-gateway index c3e0463..eb76db5 100755 --- a/ip6t-firewall-gateway +++ b/ip6t-firewall-gateway @@ -2994,13 +2994,16 @@ echononl "\t\tBigBlueButton Video Conference Service out only" if $allow_bigbluebutton_video_conference_out ; then for _dev in ${ext_if_arr[@]} ; do - if [[ "$bigbluebutton_tcp_ports" != "$standard_http_ports" ]] ; then + if [[ -n $bigbluebutton_tcp_ports ]] ; then + $ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $bigbluebutton_tcp_ports -m conntrack --ctstate NEW -j ACCEPT + if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $bigbluebutton_tcp_ports -m conntrack --ctstate NEW -j ACCEPT fi fi + $ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $bigbluebutton_udp_ports -m conntrack --ctstate NEW -j ACCEPT if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway index 3bc24d0..405c138 100755 --- a/ipt-firewall-gateway +++ b/ipt-firewall-gateway @@ -3740,8 +3740,10 @@ echononl "\t\tBigBlueButton Video Conference Service out only" if $allow_bigbluebutton_video_conference_out ; then for _dev in ${ext_if_arr[@]} ; do - if [[ "$bigbluebutton_tcp_ports" != "$standard_http_ports" ]] ; then + if [[ -n $bigbluebutton_tcp_ports ]] ; then + $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $bigbluebutton_tcp_ports -m conntrack --ctstate NEW -j ACCEPT + if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $bigbluebutton_tcp_ports -m conntrack --ctstate NEW -j ACCEPT fi
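Review bot: The added `$ip6t -A OUTPUT ...` line expands `$_dev` and `$bigbluebutton_tcp_ports` unquoted, so a port list containing a blank (for example `5066, 7443`) is word-split into extra arguments and the rule is malformed or rejected. Quoting both keeps the rule intact: `$ip6t -A OUTPUT -o "$_dev" -p tcp -m multiport --dports "$bigbluebutton_tcp_ports" -m conntrack --ctstate NEW -j ACCEPT`. The same applies to the matching `$ipt -A OUTPUT` line added in the ipt-firewall-gateway hunk. The new rule accepts NEW connections to these ports toward any destination on every external interface; if the BigBlueButton servers are a known set, a destination match would narrow the egress, though that may be out of scope for this change. The enclosing `for _dev` loop and `if $allow_bigbluebutton_video_conference_out` block continue outside both hunks.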