diff --git a/conf/default_ports.conf b/conf/default_ports.conf index 91c2877..ba0fdc7 100644 --- a/conf/default_ports.conf +++ b/conf/default_ports.conf @@ -49,6 +49,16 @@ standard_ipsec_nat_t=4500 standard_http_ports="80,443" standard_mailuser_ports="587,465,110,995,143,993" +# - Jitsi Video Conference Service +# - +standard_jitsi_tcp_ports="$standard_http_ports" +standard_jitsi_udp_port_range="10000:20000" + +# - TURN Server (Stun Server) (for Nextcloud 'talk' app) +# - +standard_turn_service_ports="3478:3479,5349:5350" +standard_turn_service_udp_ports="49152:65535" + # ------------- # --- Predefined Ports diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample index 6c0d67a..58d4148 100644 --- a/conf/main_ipv4.conf.sample +++ b/conf/main_ipv4.conf.sample @@ -383,7 +383,7 @@ forward_jitsi_server_ips="" # - comma separated list of ports/port ranges) # - jitsi_tcp_ports="$standard_http_ports" -jitsi_udp_port_range="10000:20000" +jitsi_udp_port_range="$standard_jitsi_udp_port_range" # - TURN Server (Stun Server) (for Nextcloud 'talk' app) @@ -395,7 +395,8 @@ forward_nc_turn_server_ips="" # - # - comma separated list # - -nc_turn_ports="3478:3479,5349:5350" +nc_turn_ports="$standard_turn_service_ports" +nc_turn_udp_ports="$standard_turn_service_udp_ports" # - TFTP Server diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample index b64e825..840f8cb 100644 --- a/conf/main_ipv6.conf.sample +++ b/conf/main_ipv6.conf.sample @@ -402,7 +402,7 @@ forward_jitsi_server_ips="" # - comma separated list of ports/port ranges) # - jitsi_tcp_ports="$standard_http_ports" -jitsi_udp_port_range="10000:20000" +jitsi_udp_port_range="$standard_jitsi_udp_port_range" # - TURN Server (Stun Server) (for Nextcloud 'talk' app) @@ -414,7 +414,8 @@ forward_nc_turn_server_ips="" # - # - comma separated list # - -nc_turn_ports="3478:3479,5349:5350" +nc_turn_ports="$standard_turn_service_ports" +nc_turn_udp_ports="$standard_turn_service_udp_ports" # - TFTP Server 
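Review bot: `standard_turn_service_udp_ports="49152:65535"` becomes the default for a rule that accepts NEW UDP packets, and this range overlaps the usual Linux ephemeral port range (32768–60999). Any other UDP socket on the TURN host that lands in that range is then reachable unsolicited, not only the relay allocations. A narrower relay range pinned on the TURN server (coturn's `min-port`/`max-port`) and mirrored here would expose less. Failing that, a comment such as `# - UDP relay range; keep identical to the TURN server's min-port/max-port` would at least document the coupling.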
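Review bot: The context line `jitsi_tcp_ports="$standard_http_ports"` just above the changed line is left as is, although this commit adds `standard_jitsi_tcp_ports` to conf/default_ports.conf for this setting. In the files shown, the new default is therefore never referenced, so changing it in default_ports.conf would have no effect on the sample. Consider `jitsi_tcp_ports="$standard_jitsi_tcp_ports"` here and in the matching hunk of conf/main_ipv6.conf.sample.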
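Review bot: `nc_turn_udp_ports` is added under a comment block that only says "comma separated list", so nothing tells the admin that it is a UDP-only range opened in addition to `nc_turn_ports`. I would add a line above it such as `# - nc_turn_udp_ports: additional UDP-only port range (presumably the TURN relay range); leave at the default unless the server uses another range`. The same comment is missing in the second hunk of conf/main_ipv6.conf.sample.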
diff --git a/ip6t-firewall-server b/ip6t-firewall-server index 6f7c6a2..60e2c2b 100755 --- a/ip6t-firewall-server +++ b/ip6t-firewall-server @@ -1769,35 +1769,6 @@ else fi -# --- -# - TURN Service (for NC Talk App) -# --- - -echononl "\t\tTURN Service (for NC Talk App) both: udp and tcp" - -if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] ; then - - if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] ; then - for _ip in ${nc_turn_server_ip_arr[@]} ; do - $ip6t -A INPUT -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT - $ip6t -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT - done - fi - - if [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then - for _ip in ${forward_nc_turn_server_ip_arr[@]} ; do - $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT - $ip6t -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT - done - fi - - - echo_done -else - echo_skipped -fi - - # --- # - Jitsi Video Conferencing Service # --- 
@@ -1830,6 +1801,37 @@ else fi +# --- +# - TURN Service (for NC Talk App) +# --- + +echononl "\t\tTURN Service (for NC Talk App) both: udp and tcp" + +if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] ; then + + if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] ; then + for _ip in ${nc_turn_server_ip_arr[@]} ; do + $ip6t -A INPUT -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT + $ip6t -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT + $ip6t -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_udp_ports -m state --state NEW -j ACCEPT + done + fi + + if [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then + for _ip in ${forward_nc_turn_server_ip_arr[@]} ; do + $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT + $ip6t -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT + $ip6t -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_udp_ports -m state --state NEW -j ACCEPT + done + fi + + + echo_done +else + echo_skipped +fi + + # --- # - Timeserver (Port 37 NOT NTP!)" # --- diff --git a/ipt-firewall-server b/ipt-firewall-server index 351fd6d..1ddd312 100755 --- a/ipt-firewall-server +++ b/ipt-firewall-server 
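Review bot: The two new `--dports $nc_turn_udp_ports` rules (INPUT and FORWARD loops) run unconditionally, but this commit only adds the variable to the sample configs. A main_ipv6.conf created from the earlier sample presumably leaves it unset, and the unquoted empty expansion then drops the `--dports` argument, so the ip6tables call fails or mis-parses the following `-m`. Defaulting it before the block, e.g. `nc_turn_udp_ports="${nc_turn_udp_ports:-$standard_turn_service_udp_ports}"`, or guarding each rule with `[[ -n "$nc_turn_udp_ports" ]] &&`, would keep existing installs working. The same applies to the re-added TURN block in ipt-firewall-server. Whether a default is assigned elsewhere in the script is not visible from this hunk.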
@@ -2015,35 +2015,6 @@ else fi -# --- -# - TURN Service (for NC Talk App) -# --- - -echononl "\t\tTURN Service (for NC Talk App) both: udp and tcp" - -if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] ; then - - if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] ; then - for _ip in ${nc_turn_server_ip_arr[@]} ; do - $ipt -A INPUT -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT - $ipt -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT - done - fi - - if [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then - for _ip in ${forward_nc_turn_server_ip_arr[@]} ; do - $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT - $ipt -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT - done - fi - - - echo_done -else - echo_skipped -fi - - # --- # - Jitsi Video Conferencing Service # --- 
@@ -2076,6 +2047,37 @@ else fi +# --- +# - TURN Service (for NC Talk App) +# --- + +echononl "\t\tTURN Service (for NC Talk App) both: udp and tcp" + +if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] ; then + + if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] ; then + for _ip in ${nc_turn_server_ip_arr[@]} ; do + $ipt -A INPUT -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT + $ipt -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT + $ipt -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_udp_ports -m state --state NEW -j ACCEPT + done + fi + + if [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then + for _ip in ${forward_nc_turn_server_ip_arr[@]} ; do + $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT + $ipt -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT + $ipt -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_udp_ports -m state --state NEW -j ACCEPT + done + fi + + + echo_done +else + echo_skipped +fi + + # --- # - Timeserver (Port 37 NOT NTP!)" # ---