From 9d8983713cfac686687f02daef7370492741b395 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Tue, 17 Mar 2020 22:59:01 +0100
Subject: [PATCH] Adjust firewall scripts to support Jitsi Video Conferencing Service.
---
 ip6t-firewall-server | 34 +++++++++++++++++++++++++++++++++-
 ipt-firewall-server | 34 +++++++++++++++++++++++++++++++++-
 2 files changed, 66 insertions(+), 2 deletions(-)
diff --git a/ip6t-firewall-server b/ip6t-firewall-server
index fa8295e..c97193e 100755
--- a/ip6t-firewall-server
+++ b/ip6t-firewall-server
@@ -1748,7 +1748,7 @@ fi
 echononl "\t\tMumble Service"
-if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || $local_mumble_service ; then
+if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_mumble_server_ip_arr[@]} -gt 0 ]] ; then
 if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] ; then
 for _ip in ${mumble_server_ip_arr[@]} ; do
 $ip6t -A INPUT -p tcp -d $_ip -m multiport --dports $mumble_ports -m state --state NEW -j ACCEPT
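Review bot: The outer Mumble test no longer consults `$local_mumble_service`, which the commit subject (Jitsi support) does not mention and which changes when Mumble rules are emitted. The block continues below the hunk; if it still contains a branch keyed on that flag, a host that sets only `local_mumble_service` now falls through to the skipped path and gets no Mumble rules. If the flag is being retired, the description should say so; otherwise keep it in the condition, e.g. `if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_mumble_server_ip_arr[@]} -gt 0 ]] || $local_mumble_service ; then`. The same edit is made in the Mumble hunk of ipt-firewall-server.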
@@ -1769,6 +1769,38 @@ else
 fi
+# ---
+# - Jitsi Video Conferencing Service
+# ---
+
+echononl "\t\tJitsi Video Conferencing Service"
+
+
+if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+ for _ip in ${jitsi_server_ip_arr[@]} ; do
+ if ! containsElement "$_ip" "${http_server_ip_arr[@]}" || [[ "$jitsi_tcp_ports" != "$standard_http_ports" ]] ; then
+ $ip6t -A INPUT -p tcp -d $_ip -m multiport --dports $jitsi_tcp_ports -m state --state NEW -j ACCEPT
+ fi
+ $ip6t -A INPUT -p udp -d $_ip -m multiport --dports $jitsi_udp_port_range -m state --state NEW -j ACCEPT
+ done
+ fi
+
+ if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
+ for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
+ if ! containsElement "$_ip" "${http_server_ip_arr[@]}" || [[ "$jitsi_tcp_ports" != "$standard_http_ports" ]] ; then
+ $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $jitsi_tcp_ports -m state --state NEW -j ACCEPT
+ fi
+ $ip6t -A FORWARD -p udp -d $_ip -m multiport --dports $jitsi_udp_port_range -m state --state NEW -j ACCEPT
+ done
+ fi
+
+ echo_done
+else
+ echo_skipped
+fi
+
+
 # ---
 # - Timeserver (Port 37 NOT NTP!)"
 # ---
diff --git a/ipt-firewall-server b/ipt-firewall-server
index 4fc5d1c..5964f44 100755
--- a/ipt-firewall-server
+++ b/ipt-firewall-server
@@ -1994,7 +1994,7 @@ fi
 echononl "\t\tMumble Service"
-if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || $local_mumble_service ; then
+if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_mumble_server_ip_arr[@]} -gt 0 ]] ; then
 if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] ; then
 for _ip in ${mumble_server_ip_arr[@]} ; do
 $ipt -A INPUT -p tcp -d $_ip -m multiport --dports $mumble_ports -m state --state NEW -j ACCEPT
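Review bot: In the Jitsi section added to ip6t-firewall-server, the forward test `[[ ${#forward_jitsi_server_ip_arr[@]} ]]` has no comparison, so it only checks that the string "0" is non-empty and is always true; the FORWARD branch is then gated solely by `$kernel_forward_between_interfaces`. That flag is executed as a command, and an unset or empty value expands to nothing and counts as success, so the gate fails open if the variable is missing from the configuration (where it is set is not visible in this hunk). Write the test like the INPUT one, `if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then`, and consider comparing the flag explicitly, e.g. `[[ "$kernel_forward_between_interfaces" == true ]]` if it holds true/false. The Jitsi hunk of ipt-firewall-server has the same test with `$kernel_activate_forwarding`.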
@@ -2015,6 +2015,38 @@ else
 fi
+# ---
+# - Jitsi Video Conferencing Service
+# ---
+
+echononl "\t\tJitsi Video Conferencing Service"
+
+
+if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+ for _ip in ${jitsi_server_ip_arr[@]} ; do
+ if ! containsElement "$_ip" "${http_server_ip_arr[@]}" || [[ "$jitsi_tcp_ports" != "$standard_http_ports" ]] ; then
+ $ipt -A INPUT -p tcp -d $_ip -m multiport --dports $jitsi_tcp_ports -m state --state NEW -j ACCEPT
+ fi
+ $ipt -A INPUT -p udp -d $_ip -m multiport --dports $jitsi_udp_port_range -m state --state NEW -j ACCEPT
+ done
+ fi
+
+ if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then
+ for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
+ if ! containsElement "$_ip" "${http_server_ip_arr[@]}" || [[ "$jitsi_tcp_ports" != "$standard_http_ports" ]] ; then
+ $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $jitsi_tcp_ports -m state --state NEW -j ACCEPT
+ fi
+ $ipt -A FORWARD -p udp -d $_ip -m multiport --dports $jitsi_udp_port_range -m state --state NEW -j ACCEPT
+ done
+ fi
+
+ echo_done
+else
+ echo_skipped
+fi
+
+
 # ---
 # - Timeserver (Port 37 NOT NTP!)"
 # ---
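Review bot: The `$ipt` rule lines in this Jitsi block expand `$_ip`, `$jitsi_tcp_ports` and `$jitsi_udp_port_range` unquoted and never check the exit status, while `echo_done` is printed unconditionally. If a port variable is empty (their definitions are outside this hunk), `--dports` takes the following `-m` as its value, iptables rejects the rule, and the section still reports done with no Jitsi rules loaded. Quote the expansions (`for _ip in "${jitsi_server_ip_arr[@]}" ; do`, `-d "$_ip"`, `--dports "$jitsi_tcp_ports"`) and add `[[ -n "$jitsi_tcp_ports" && -n "$jitsi_udp_port_range" ]]` to the outer test so a missing port setting is reported as skipped rather than done. The Jitsi hunk of ip6t-firewall-server is written the same way.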