From 701655c193d4bf4f5f8984e9bb7ba473962cd6e2 Mon Sep 17 00:00:00 2001 From: Christoph Date: Wed, 9 Jun 2021 16:38:34 +0200 Subject: [PATCH] Add support for ZOOM Meetings. --- conf/default_ports.conf | 19 +++++++++++++++++++ conf/main_ipv4.conf.sample | 24 ++++++++++++++++++++++++ conf/main_ipv6.conf.sample | 24 ++++++++++++++++++++++++ conf/post_decalrations.conf | 24 ++++++++++++++++++++++++ ip6t-firewall-gateway | 31 +++++++++++++++++++++++++++++++ ipt-firewall-gateway | 31 +++++++++++++++++++++++++++++++ 6 files changed, 153 insertions(+) diff --git a/conf/default_ports.conf b/conf/default_ports.conf index b4df0a0..0e92355 100644 --- a/conf/default_ports.conf +++ b/conf/default_ports.conf @@ -157,6 +157,25 @@ standard_webex_udp_ports="9000" standard_webex_tcp_fall_back_ports="5004" +# - Zoom Meeting - Video Conference Service +# - +# - TCP 80,443 A ll Zoom Clients and *.zoom.us +# - Meeting Connector +# - +# - TCP 443,8801,8802 All Zoom Clients MeetingConnector.IP +# - MeetingConnector.IP2 +# - MeetingConnector2.IP +# - MeetingConnector2.IP2 +# - +# - UDP 3478,3479,8801, All Zoom Clients MeetingConnector.IP +# - 8802 MeetingConnector.IP2 +# - MeetingConnector2.IP +# - MeetingConnector2.IP2 +# - +standard_zoom_tcp_ports="80,443,8801,8802" +standard_zoom_udp_port_range="3478,3479,8801,8802 " + + # - Jitsi Video Conference Service # - standard_jitsi_tcp_ports="$standard_http_ports" diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample index c7e94ff..1973a42 100644 --- a/conf/main_ipv4.conf.sample +++ b/conf/main_ipv4.conf.sample 
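Review bot: `standard_zoom_udp_port_range="3478,3479,8801,8802 "` in conf/default_ports.conf appears to carry a trailing space inside the quotes, and it is named `_port_range` although it holds a comma list rather than a `first:last` range. The value only works downstream because `--dports $zoom_udp_ports` is expanded unquoted, so word splitting drops the space; quoting that expansion later would hand the multiport match a malformed list. I would write `standard_zoom_udp_ports="3478,3479,8801,8802"` and change the sample files' `zoom_udp_ports="$standard_zoom_udp_port_range"` assignments to match.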
@@ -912,6 +912,29 @@ webex_udp_ports="$standard_webex_udp_ports" webex_tcp_fall_back_ports="$standard_webex_tcp_fall_back_ports" +# ====== +# - Zoom Meeting +# ====== + +# - Zoom Meeting - Video Conference Service +# - +# - TCP 80,443 A ll Zoom Clients and *.zoom.us +# - Meeting Connector +# - +# - TCP 443,8801,8802 All Zoom Clients MeetingConnector.IP +# - MeetingConnector.IP2 +# - MeetingConnector2.IP +# - MeetingConnector2.IP2 +# - +# - UDP 3478,3479,8801, All Zoom Clients MeetingConnector.IP +# - 8802 MeetingConnector.IP2 +# - MeetingConnector2.IP +# - MeetingConnector2.IP2 +# - +zoom_tcp_ports="$standard_zoom_tcp_ports" +zoom_udp_ports="$standard_zoom_udp_port_range" + + # ====== # - Jitsi Video Conference Service # ====== @@ -1496,6 +1519,7 @@ allow_remote_console_request_out=true allow_mumble_request_out=true allow_bigbluebutton_video_conference_out=true allow_webex_video_conference_out=true +allow_zoom_video_conference_out=true allow_jitsi_video_conference_out=true allow_alfaview_video_conference_out=true allow_nc_talk_out=true diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample index 785d0a5..ea616ef 100644 --- a/conf/main_ipv6.conf.sample +++ b/conf/main_ipv6.conf.sample @@ -883,6 +883,29 @@ webex_udp_ports="$standard_webex_udp_ports" webex_tcp_fall_back_ports="$standard_webex_tcp_fall_back_ports" +# ====== +# - Zoom Meeting +# ====== + +# - Zoom Meeting - Video Conference Service +# - +# - TCP 80,443 A ll Zoom Clients and *.zoom.us +# - Meeting Connector +# - +# - TCP 443,8801,8802 All Zoom Clients MeetingConnector.IP +# - MeetingConnector.IP2 +# - MeetingConnector2.IP +# - MeetingConnector2.IP2 +# - +# - UDP 3478,3479,8801, All Zoom Clients MeetingConnector.IP +# - 8802 MeetingConnector.IP2 +# - MeetingConnector2.IP +# - MeetingConnector2.IP2 +# - +zoom_tcp_ports="$standard_zoom_tcp_ports" +zoom_udp_ports="$standard_zoom_udp_port_range" + + # ====== # - Jitsi Video Conference Service # ====== 
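Review bot: The comment table above `zoom_tcp_ports` names destinations (`*.zoom.us`, the MeetingConnector addresses), but this section only offers port settings, and the rules added in ip6t-firewall-gateway and ipt-firewall-gateway match on port alone. An operator could read it as if `allow_zoom_video_conference_out=true` limited traffic to those hosts. I would add a line such as `# - NOTE: the hosts above are informational; the rules open these ports to any destination.` and correct `A ll Zoom Clients` to `All Zoom Clients`. The same comment block is repeated in the conf/main_ipv6.conf.sample hunk and in conf/default_ports.conf.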
@@ -1412,6 +1435,7 @@ allow_mumble_request_out=true allow_alfaview_video_conference_out=true allow_bigbluebutton_video_conference_out=true allow_webex_video_conference_out=true +allow_zoom_video_conference_out=true allow_jitsi_video_conference_out=true allow_nc_talk_out=true diff --git a/conf/post_decalrations.conf b/conf/post_decalrations.conf index 682df16..d365661 100644 --- a/conf/post_decalrations.conf +++ b/conf/post_decalrations.conf @@ -578,6 +578,7 @@ for _port in $ldap_tcp_ports ; do ldap_tcp_port_arr+=("$_port") done + # --- # - BigBlueButton Video Conference - adjust 'bigbluebutton_tcp_ports' # --- @@ -599,6 +600,29 @@ IFS=',' ; for _port in $_tmp_tcp_ports ; do done IFS="$CUR_IFS" + +# --- +# Zoom Meetings - Video Conference - adjust 'zoom_tcp_ports' +# --- +declare -a zoom_tcp_port_arr +CUR_IFS="$IFS" +_tmp_tcp_ports="$zoom_tcp_ports" +zoom_tcp_ports="" +declare -i count=0 +IFS=',' ; for _port in $_tmp_tcp_ports ; do + if containsElement "${_port}" "${standard_http_port_arr[@]}" ; then + continue + fi + if [[ $count -eq 0 ]]; then + zoom_tcp_ports="$_port" + else + zoom_tcp_ports="${zoom_tcp_ports},${_port}" + fi + ((count++)) +done +IFS="$CUR_IFS" + + # --- # - IPMI # --- diff --git a/ip6t-firewall-gateway b/ip6t-firewall-gateway index eb76db5..31126ac 100755 --- a/ip6t-firewall-gateway +++ b/ip6t-firewall-gateway 
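Review bot: In the conf/post_decalrations.conf Zoom block, `declare -a zoom_tcp_port_arr` is declared but nothing in the hunk appends to it, unlike `ldap_tcp_port_arr+=("$_port")` in the context above. Either add `zoom_tcp_port_arr+=("$_port")` after the `containsElement` check or drop the declaration; whether the array is read elsewhere is not visible here. `((count++))` also returns status 1 on the first pass, while `count` is still 0, which would stop the script if it ever runs under `set -e`; `count=$((count+1))` avoids that.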
@@ -3053,6 +3053,37 @@ else fi +# --- +# - Zoom Meeting - Video Conference Service out only +# --- + +echononl "\t\tZoom Meeting - Video Conference Service out only" + +if $allow_zoom_video_conference_out ; then + for _dev in ${ext_if_arr[@]} ; do + + if [[ -n $zoom_tcp_ports ]] ; then + + $ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $zoom_tcp_ports -m conntrack --ctstate NEW -j ACCEPT + + if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then + $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $zoom_tcp_ports -m conntrack --ctstate NEW -j ACCEPT + fi + fi + + + $ip6t -A OUTPUT -o $_dev -p udp -m multiport --dports $zoom_udp_ports -m conntrack --ctstate NEW -j ACCEPT + + if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then + $ip6t -A FORWARD -o $_dev -p udp -m multiport --dports $zoom_udp_ports -m conntrack --ctstate NEW -j ACCEPT + fi + + done + echo_done +else + echo_skipped +fi + # --- # - Jitsi Video Conference Service out only diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway index 405c138..2bf8be5 100755 --- a/ipt-firewall-gateway +++ b/ipt-firewall-gateway 
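Review bot: The two UDP rules run unconditionally, while the TCP rules are wrapped in `[[ -n $zoom_tcp_ports ]]`. With an empty `zoom_udp_ports`, the unquoted `--dports $zoom_udp_ports` collapses and `-m` becomes the port argument, so both `$ip6t` calls fail, and as far as the hunk shows `echo_done` is still printed. Wrap the UDP commands in `if [[ -n $zoom_udp_ports ]] ; then` … `fi`, mirroring the TCP block. The ipt-firewall-gateway hunk has the same gap.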
@@ -3798,6 +3798,37 @@ else fi +# --- +# - Zoom Meeting - Video Conference Service out only +# --- + +echononl "\t\tZoom Meeting - Video Conference Service out only" + +if $allow_zoom_video_conference_out ; then + for _dev in ${ext_if_arr[@]} ; do + + if [[ -n $zoom_tcp_ports ]] ; then + + $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $zoom_tcp_ports -m conntrack --ctstate NEW -j ACCEPT + + if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then + $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $zoom_tcp_ports -m conntrack --ctstate NEW -j ACCEPT + fi + fi + + $ipt -A OUTPUT -o $_dev -p udp -m multiport --dports $zoom_udp_ports -m conntrack --ctstate NEW -j ACCEPT + + if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then + $ipt -A FORWARD -o $_dev -p udp -m multiport --dports $zoom_udp_ports -m conntrack --ctstate NEW -j ACCEPT + fi + + done + echo_done +else + echo_skipped +fi + + # --- # - Jitsi Video Conference Service out only # ---
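Review bot: The FORWARD rules match only `-o $_dev` and the destination ports, so with `permit_local_net_to_inet` off they accept NEW connections to these ports arriving on any interface, not only from the local networks. If only LAN clients are meant to reach Zoom through the gateway, add an inbound match (`-i` for the local interface or `-s` for the local network; the project's variable names for these are not visible in this hunk). The ip6t-firewall-gateway hunk is built the same way. Separately, `for _dev in ${ext_if_arr[@]}` is unquoted; `"${ext_if_arr[@]}"` is the safer form.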