firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adjust firewall scripts to support Jitsi Video Conferencing Service.

Browse Source
This commit is contained in:
Christoph 2020-03-17 22:59:01 +01:00
parent 93856c8fb3
commit 9d8983713c
2 changed files with 66 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
ip6t-firewall-server
View File

@ -1748,7 +1748,7 @@ fi
echononl "\t\tMumble Service"
if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || $local_mumble_service ; then
if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_mumble_server_ip_arr[@]} -gt 0 ]] ; then
if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${mumble_server_ip_arr[@]} ; do
$ip6t -A INPUT -p tcp -d $_ip -m multiport --dports $mumble_ports -m state --state NEW -j ACCEPT
@ -1769,6 +1769,38 @@ else
fi
# ---
# - Jitsi Video Conferencing Service
# ---
echononl "\t\tJitsi Video Conferencing Service"
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${jitsi_server_ip_arr[@]} ; do
if ! containsElement "$_ip" "${http_server_ip_arr[@]}" || [[ "$jitsi_tcp_ports" != "$standard_http_ports" ]] ; then
$ip6t -A INPUT -p tcp -d $_ip -m multiport --dports $jitsi_tcp_ports -m state --state NEW -j ACCEPT
fi
$ip6t -A INPUT -p udp -d $_ip -m multiport --dports $jitsi_udp_port_range -m state --state NEW -j ACCEPT
done
fi
if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
if ! containsElement "$_ip" "${http_server_ip_arr[@]}" || [[ "$jitsi_tcp_ports" != "$standard_http_ports" ]] ; then
$ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $jitsi_tcp_ports -m state --state NEW -j ACCEPT
fi
$ip6t -A FORWARD -p udp -d $_ip -m multiport --dports $jitsi_udp_port_range -m state --state NEW -j ACCEPT
done
fi
echo_done
else
echo_skipped
fi
# ---
# - Timeserver (Port 37 NOT NTP!)"
# ---

34
ipt-firewall-server
View File

@ -1994,7 +1994,7 @@ fi
echononl "\t\tMumble Service"
if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || $local_mumble_service ; then
if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_mumble_server_ip_arr[@]} -gt 0 ]] ; then
if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${mumble_server_ip_arr[@]} ; do
$ipt -A INPUT -p tcp -d $_ip -m multiport --dports $mumble_ports -m state --state NEW -j ACCEPT
@ -2015,6 +2015,38 @@ else
fi
# ---
# - Jitsi Video Conferencing Service
# ---
echononl "\t\tJitsi Video Conferencing Service"
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${jitsi_server_ip_arr[@]} ; do
if ! containsElement "$_ip" "${http_server_ip_arr[@]}" || [[ "$jitsi_tcp_ports" != "$standard_http_ports" ]] ; then
$ipt -A INPUT -p tcp -d $_ip -m multiport --dports $jitsi_tcp_ports -m state --state NEW -j ACCEPT
fi
$ipt -A INPUT -p udp -d $_ip -m multiport --dports $jitsi_udp_port_range -m state --state NEW -j ACCEPT
done
fi
if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then
for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
if ! containsElement "$_ip" "${http_server_ip_arr[@]}" || [[ "$jitsi_tcp_ports" != "$standard_http_ports" ]] ; then
$ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $jitsi_tcp_ports -m state --state NEW -j ACCEPT
fi
$ipt -A FORWARD -p udp -d $_ip -m multiport --dports $jitsi_udp_port_range -m state --state NEW -j ACCEPT
done
fi
echo_done
else
echo_skipped
fi
# ---
# - Timeserver (Port 37 NOT NTP!)"
# ---