Add outgoing ports needed by jitsi service (discover public address fronm stun services).

2020-04-23 15:12:29 +02:00 · 2020-04-23 15:12:29 +02:00 · dcbe4605bc
commit dcbe4605bc
parent 400adea8e3
4 changed files with 52 additions and 2 deletions
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@ -385,6 +385,11 @@ forward_jitsi_server_ips=""
 jitsi_tcp_ports="$standard_jitsi_tcp_ports"
 jitsi_udp_port_range="$standard_jitsi_udp_port_range"

+# - Jitsi (outgoing) Ports (STUN Services)
+# -
+jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446"
+jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446"
+

 # - TURN Server (Stun Server) (for Nextcloud 'talk' app)
 # -
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@ -404,6 +404,11 @@ forward_jitsi_server_ips=""
 jitsi_tcp_ports="$standard_jitsi_tcp_ports"
 jitsi_udp_port_range="$standard_jitsi_udp_port_range"

+# - Jitsi (outgoing) Ports (STUN Services)
+# -
+jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446"
+jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446"
+

 # - TURN Server (Stun Server) (for Nextcloud 'talk' app)
 # -
--- a/22
+++ b/22
@ -1773,7 +1773,7 @@ fi
 # - Jitsi Video Conferencing Service
 # ---

-echononl "\t\tJitsi Video Conferencing Service"
+echononl "\t\tJitsi Video Conferencing Service Incoming Ports"


 if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
@ -1800,6 +1800,26 @@ else
   echo_skipped
 fi

+echononl "\t\tJitsi Video Conferencing Service Outgoing Ports"
+if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+   if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+      for _ip in ${jitsi_server_ip_arr[@]} ; do
+         $ip6t -A OUTPUT -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
+         $ip6t -A OUTPUT -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
+      done
+   fi
+
+   if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
+      for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
+         $ip6t -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+

 # ---
 # - TURN Service (for NC Talk App)
--- a/22
+++ b/22
@ -2019,7 +2019,7 @@ fi
 # - Jitsi Video Conferencing Service
 # ---

-echononl "\t\tJitsi Video Conferencing Service"
+echononl "\t\tJitsi Video Conferencing Service Incomming Ports"


 if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
@ -2046,6 +2046,26 @@ else
   echo_skipped
 fi

+echononl "\t\tJitsi Video Conferencing Service Outgoing Ports"
+if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+   if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+      for _ip in ${jitsi_server_ip_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
+         $ipt -A OUTPUT -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
+      done
+   fi
+
+   if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
+      for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+

 # ---
 # - TURN Service (for NC Talk App)