diff --git a/conf/default_basic_behavior.conf b/conf/default_basic_behavior.conf
index 89ab11f..a7b9674 100644
--- a/conf/default_basic_behavior.conf
+++ b/conf/default_basic_behavior.conf
@@ -31,6 +31,9 @@ allow_remote_console_request_out=true
 allow_mumble_request_out=true
 allow_outbound_streaming=true
 allow_echo360_video_streaming=true
+
+allow_ip_camera_out=true
+
 allow_bigbluebutton_video_conference_out=true
 allow_ms_skype_teams_out=true
 allow_webex_video_conference_out=true
diff --git a/conf/default_ports.conf b/conf/default_ports.conf
index 5376d7d..e6fae32 100644
--- a/conf/default_ports.conf
+++ b/conf/default_ports.conf
@@ -185,6 +185,18 @@ standard_outbound_streaming_udp_ports="2088,10349,19302:19309"
 standard_echo360_udp_ports="64936:65535"
+# - IP Camera
+# -
+# - TCP: 37777
+# - UDP: 37778
+# - RTSP: 554 (UDP + TCP)
+# - HTTP: 80
+# - HTTPS: 443
+# -
+standard_ip_camera_tcp_ports="80,443,554,37777"
+standard_ip_camera_udp_ports="554,37778"
+
+
 # - BigBlueButton Video Conference Service
 # -
diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample
index e65a7aa..132ef25 100644
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@@ -938,6 +938,16 @@ snmp_trap_port="$standard_snmp_trap_port"
 mumble_ports="64738"
+# ======
+# - IP Camera
+# ======
+
+# - IP Camera Ports
+# -
+ip_camera_tcp_ports="$standard_ip_camera_tcp_ports"
+ip_camera_udp_ports="$standard_ip_camera_udp_ports"
+
+
 # ======
 # - BigBlueButton Video Conference Service
 # ======
diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample
index 836151f..0358892 100644
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@@ -909,6 +909,16 @@ snmp_trap_port="$standard_snmp_trap_port"
 mumble_ports="64738"
+# ======
+# - IP Camera
+# ======
+
+# - IP Camera Ports
+# -
+ip_camera_tcp_ports="$standard_ip_camera_tcp_ports"
+ip_camera_udp_ports="$standard_ip_camera_udp_ports"
+
+
 # ======
 # - BigBlueButton Video Conference Service
 # ======
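Review bot: `allow_ip_camera_out=true` in conf/default_basic_behavior.conf switches the new egress rules on for every gateway that inherits the defaults, whether or not it has cameras to reach. The neighbouring service switches are also `true`, so this follows the file's convention, but the camera port set includes a device-specific pair (37777/37778) that most sites will never need outbound. I would ship `allow_ip_camera_out=false` and let sites opt in from their main config, with a one-line comment above the switch such as `# - Allow outbound access to remote IP cameras (ports: see ip_camera_*_ports)`.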
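Review bot: In conf/default_ports.conf, `standard_ip_camera_tcp_ports="80,443,554,37777"` bundles the generic web ports 80 and 443 with the camera-specific ones, so the camera switch also governs plain HTTP/HTTPS egress. The rules built from this list in ipt-firewall-gateway and ip6t-firewall-gateway carry no destination match, so on a gateway where 80/443 are not already opened by another service, enabling cameras opens web egress to any host; how often that happens depends on the load order and the `containsElement` de-duplication in post_decalrations.conf. I would keep the default to `standard_ip_camera_tcp_ports="554,37777"` and leave 80/443 to the existing web rules. The comment block would also be more useful if it named the device family that uses 37777/37778.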
diff --git a/conf/post_decalrations.conf b/conf/post_decalrations.conf
index 3b78d64..3968809 100644
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@@ -1097,6 +1097,45 @@ done
 IFS="$CUR_IFS"
+# ---
+# - IP Camera
+# ---
+
+declare -a ip_camera_tcp_port_arr=()
+CUR_IFS="$IFS"
+IFS=',' ; for _port in $ip_camera_tcp_ports ; do
+
+ if containsElement "${_port}" "${out_tcp_port_arr[@]}" ; then
+ continue
+ fi
+
+ ip_camera_tcp_port_arr+=("$_port")
+
+ if $allow_ip_camera_out ; then
+ out_tcp_port_arr+=("$_port")
+ fi
+
+done
+IFS="$CUR_IFS"
+
+declare -a ip_camera_udp_port_arr=()
+CUR_IFS="$IFS"
+IFS=',' ; for _port in $ip_camera_udp_ports ; do
+
+ if containsElement "${_port}" "${out_udp_port_arr[@]}" ; then
+ continue
+ fi
+
+ ip_camera_udp_port_arr+=("$_port")
+
+ if $allow_ip_camera_out ; then
+ out_udp_port_arr+=("$_port")
+ fi
+
+done
+IFS="$CUR_IFS"
+
+
 # ---
 # - BigBlueButton Video Conference Service
 # ---
diff --git a/ip6t-firewall-gateway b/ip6t-firewall-gateway
index 6701769..babf81c 100755
--- a/ip6t-firewall-gateway
+++ b/ip6t-firewall-gateway
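Review bot: `if $allow_ip_camera_out ; then` in conf/post_decalrations.conf runs the variable's value as a command, and an unset or empty value expands to an empty command whose exit status is 0, so the branch is taken and the ports are appended to `out_tcp_port_arr` / `out_udp_port_arr`. That fails open on any installation where the new default is not loaded, for example an older default_basic_behavior.conf; whether that can occur depends on how the configs are sourced, which the hunk does not show. `if ${allow_ip_camera_out:-false} ; then` or `if [[ "$allow_ip_camera_out" == true ]] ; then` closes it. The same test is used in both loops here and again in the ip6t-firewall-gateway and ipt-firewall-gateway hunks, where the camera port arrays are already populated regardless of the switch. The pattern matches the surrounding code, so it may be best fixed file-wide.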
@@ -3838,6 +3838,41 @@ else
 fi
+# ---
+# - IP Camera Service out only
+# ---
+
+echononl "\t\tIP Camera Service out Service out only"
+
+if $allow_ip_camera_out ; then
+ for _dev in ${ext_if_arr[@]} ; do
+
+ for _port in ${ip_camera_tcp_port_arr[@]} ; do
+
+ $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+ if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+ $ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+ fi
+
+ done
+
+ for _port in ${ip_camera_udp_port_arr[@]} ; do
+
+ $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+ if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+ $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+ fi
+ done
+
+ done
+ echo_done
+else
+ echo_skipped
+fi
+
+
 # ---
 # - BigBlueButton Video Conference Service out only
 # ---
diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway
index a8a3021..20689b5 100755
--- a/ipt-firewall-gateway
+++ b/ipt-firewall-gateway
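Review bot: The four ACCEPT rules added to ip6t-firewall-gateway match only on outgoing interface, protocol and port, so the camera ports are opened towards every destination, and the FORWARD rules have no `-i` or `-s` match, so they apply to traffic from any internal segment. The FORWARD rules are added exactly when `permit_local_net_to_inet` is false, that is, on gateways whose operator chose not to give the LAN general outbound access. Cameras normally live at a small set of known addresses, so I would read an optional destination list from the config and add `-d "$_ip"` to each rule when it is set; the variable name is for the author to choose. The ipt-firewall-gateway hunk has the same shape and needs the same treatment.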
@@ -4649,6 +4649,41 @@ else
 fi
+# ---
+# - IP Camera Service out only
+# ---
+
+echononl "\t\tIP Camera Service out Service out only"
+
+if $allow_ip_camera_out ; then
+ for _dev in ${ext_if_arr[@]} ; do
+
+ for _port in ${ip_camera_tcp_port_arr[@]} ; do
+
+ $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+ if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+ $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+ fi
+
+ done
+
+ for _port in ${ip_camera_udp_port_arr[@]} ; do
+
+ $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+ if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+ $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+ fi
+ done
+
+ done
+ echo_done
+else
+ echo_skipped
+fi
+
+
 # ---
 # - BigBlueButton Video Conference Service out only
 # ---
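Review bot: The progress label `echononl "\t\tIP Camera Service out Service out only"` repeats "Service out"; the section comment directly above reads `IP Camera Service out only`, so the string should be `"\t\tIP Camera Service out only"` (the ip6t-firewall-gateway hunk has the same label). The loops also expand `${ext_if_arr[@]}`, `${ip_camera_tcp_port_arr[@]}`, `$_dev` and `$_port` unquoted; writing `for _dev in "${ext_if_arr[@]}" ; do` and `--dport "$_port"` keeps a stray space or glob character in a config value from becoming extra iptables arguments. The enclosing script starts and ends outside the hunk, so I cannot tell whether the other service sections are quoted.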