Adjust support for TURN Server (NC App Talk).
This commit is contained in:
parent
9f2764c0ae
commit
450a9d5dcf
@ -49,6 +49,16 @@ standard_ipsec_nat_t=4500
|
||||
standard_http_ports="80,443"
|
||||
standard_mailuser_ports="587,465,110,995,143,993"
|
||||
|
||||
# - Jitsi Video Conference Service
|
||||
# -
|
||||
standard_jitsi_tcp_ports="$standard_http_ports"
|
||||
standard_jitsi_udp_port_range="10000:20000"
|
||||
|
||||
# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
|
||||
# -
|
||||
standard_turn_service_ports="3478:3479,5349:5350"
|
||||
standard_turn_service_udp_ports="49152:65535"
|
||||
|
||||
|
||||
# -------------
|
||||
# --- Predefined Ports
|
||||
|
||||
@ -383,7 +383,7 @@ forward_jitsi_server_ips=""
|
||||
# - comma separated list of ports/port ranges)
|
||||
# -
|
||||
jitsi_tcp_ports="$standard_http_ports"
|
||||
jitsi_udp_port_range="10000:20000"
|
||||
jitsi_udp_port_range="$standard_jitsi_udp_port_range"
|
||||
|
||||
|
||||
# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
|
||||
@ -395,7 +395,8 @@ forward_nc_turn_server_ips=""
|
||||
# -
|
||||
# - comma separated list
|
||||
# -
|
||||
nc_turn_ports="3478:3479,5349:5350"
|
||||
nc_turn_ports="$standard_turn_service_ports"
|
||||
nc_turn_udp_ports="$standard_turn_service_udp_ports"
|
||||
|
||||
|
||||
# - TFTP Server
|
||||
|
||||
@ -402,7 +402,7 @@ forward_jitsi_server_ips=""
|
||||
# - comma separated list of ports/port ranges)
|
||||
# -
|
||||
jitsi_tcp_ports="$standard_http_ports"
|
||||
jitsi_udp_port_range="10000:20000"
|
||||
jitsi_udp_port_range="$standard_jitsi_udp_port_range"
|
||||
|
||||
|
||||
# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
|
||||
@ -414,7 +414,8 @@ forward_nc_turn_server_ips=""
|
||||
# -
|
||||
# - comma separated list
|
||||
# -
|
||||
nc_turn_ports="3478:3479,5349:5350"
|
||||
nc_turn_ports="$standard_turn_service_ports"
|
||||
nc_turn_udp_ports="$standard_turn_service_udp_ports"
|
||||
|
||||
|
||||
# - TFTP Server
|
||||
|
||||
@ -1769,35 +1769,6 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - TURN Service (for NC Talk App)
|
||||
# ---
|
||||
|
||||
echononl "\t\tTURN Service (for NC Talk App) both: udp and tcp"
|
||||
|
||||
if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
|
||||
for _ip in ${nc_turn_server_ip_arr[@]} ; do
|
||||
$ip6t -A INPUT -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
$ip6t -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
if [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
|
||||
for _ip in ${forward_nc_turn_server_ip_arr[@]} ; do
|
||||
$ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Jitsi Video Conferencing Service
|
||||
# ---
|
||||
@ -1830,6 +1801,37 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - TURN Service (for NC Talk App)
|
||||
# ---
|
||||
|
||||
echononl "\t\tTURN Service (for NC Talk App) both: udp and tcp"
|
||||
|
||||
if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
|
||||
for _ip in ${nc_turn_server_ip_arr[@]} ; do
|
||||
$ip6t -A INPUT -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
$ip6t -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
$ip6t -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_udp_ports -m state --state NEW -j ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
if [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
|
||||
for _ip in ${forward_nc_turn_server_ip_arr[@]} ; do
|
||||
$ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_udp_ports -m state --state NEW -j ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Timeserver (Port 37 NOT NTP!)"
|
||||
# ---
|
||||
|
||||
@ -2015,35 +2015,6 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - TURN Service (for NC Talk App)
|
||||
# ---
|
||||
|
||||
echononl "\t\tTURN Service (for NC Talk App) both: udp and tcp"
|
||||
|
||||
if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
|
||||
for _ip in ${nc_turn_server_ip_arr[@]} ; do
|
||||
$ipt -A INPUT -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
$ipt -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
if [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
|
||||
for _ip in ${forward_nc_turn_server_ip_arr[@]} ; do
|
||||
$ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
$ipt -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Jitsi Video Conferencing Service
|
||||
# ---
|
||||
@ -2076,6 +2047,37 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - TURN Service (for NC Talk App)
|
||||
# ---
|
||||
|
||||
echononl "\t\tTURN Service (for NC Talk App) both: udp and tcp"
|
||||
|
||||
if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
|
||||
for _ip in ${nc_turn_server_ip_arr[@]} ; do
|
||||
$ipt -A INPUT -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
$ipt -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
$ipt -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_udp_ports -m state --state NEW -j ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
if [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
|
||||
for _ip in ${forward_nc_turn_server_ip_arr[@]} ; do
|
||||
$ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
$ipt -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
|
||||
$ipt -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_udp_ports -m state --state NEW -j ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Timeserver (Port 37 NOT NTP!)"
|
||||
# ---
|
||||
|
||||
Loading…
Reference in New Issue
Block a user