diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample
index 27bd802..e86ceac 100644
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@@ -385,6 +385,11 @@ forward_jitsi_server_ips=""
 jitsi_tcp_ports="$standard_jitsi_tcp_ports"
 jitsi_udp_port_range="$standard_jitsi_udp_port_range"
+# - Jitsi (outgoing) Ports (STUN Services)
+# -
+jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446"
+jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446"
+
 # - TURN Server (Stun Server) (for Nextcloud 'talk' app)
 # -
diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample
index 4f23108..3f5d8f7 100644
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@@ -404,6 +404,11 @@ forward_jitsi_server_ips=""
 jitsi_tcp_ports="$standard_jitsi_tcp_ports"
 jitsi_udp_port_range="$standard_jitsi_udp_port_range"
+# - Jitsi (outgoing) Ports (STUN Services)
+# -
+jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446"
+jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446"
+
 # - TURN Server (Stun Server) (for Nextcloud 'talk' app)
 # -
diff --git a/ip6t-firewall-server b/ip6t-firewall-server
index 60e2c2b..7c5d55b 100755
--- a/ip6t-firewall-server
+++ b/ip6t-firewall-server
@@ -1773,7 +1773,7 @@ fi
 # - Jitsi Video Conferencing Service
 # ---
-echononl "\t\tJitsi Video Conferencing Service"
+echononl "\t\tJitsi Video Conferencing Service Incoming Ports"
 if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
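Review bot: The comment above the new `jitsi_tcp_ports_out` / `jitsi_udp_ports_out` block says only "STUN Services", yet the UDP list also carries `$standard_http_ports` and both lists carry the fixed ports 4443-4446 with no explanation. Judging by the rules added to ip6t-firewall-server and ipt-firewall-server later in this commit, the lists are matched with `-s` and no destination, so every port named here is opened for egress to any address. I would state that next to the variables, e.g. `# - Destination ports the Jitsi hosts may reach on ANY remote address - keep this list short`, and add one line saying what 4443-4446 and the HTTP ports over UDP are needed for. The same applies to the identical hunk in conf/main_ipv6.conf.sample.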
@@ -1800,6 +1800,26 @@ else
 echo_skipped
 fi
+echononl "\t\tJitsi Video Conferencing Service Outgoing Ports"
+if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+ for _ip in ${jitsi_server_ip_arr[@]} ; do
+ $ip6t -A OUTPUT -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
+ $ip6t -A OUTPUT -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
+ done
+ fi
+
+ if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
+ for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
+ $ip6t -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
+ $ip6t -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
+ done
+ fi
+ echo_done
+else
+ echo_skipped
+fi
+
 # ---
 # - TURN Service (for NC Talk App)
diff --git a/ipt-firewall-server b/ipt-firewall-server
index 1ddd312..2d80f92 100755
--- a/ipt-firewall-server
+++ b/ipt-firewall-server
@@ -2019,7 +2019,7 @@ fi
 # - Jitsi Video Conferencing Service
 # ---
-echononl "\t\tJitsi Video Conferencing Service"
+echononl "\t\tJitsi Video Conferencing Service Incomming Ports"
 if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
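Review bot: The four added rules expand `$jitsi_tcp_ports_out` and `$jitsi_udp_ports_out` unquoted and without checking that they are set, and this commit defines them only in the *.conf.sample files. Unless a default is assigned elsewhere in the script (not visible in this hunk), a host whose live configuration predates the change gets an empty expansion, `--dports` takes the following `-m` as its argument, and the rule is presumably rejected while `echo_done` is still printed. I would extend the outer test with `[[ -n "$jitsi_tcp_ports_out" && -n "$jitsi_udp_ports_out" ]]` and quote the expansions (`"$_ip"`, `"${jitsi_server_ip_arr[@]}"`). The second hunk of ipt-firewall-server has the same lines with `$ipt`.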
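Review bot: The new label in ipt-firewall-server is spelled "Incomming Ports", while ip6t-firewall-server prints "Incoming Ports" for the same step. Change the line to `echononl "\t\tJitsi Video Conferencing Service Incoming Ports"` so both scripts emit the same text and log searches match either one.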
@@ -2046,6 +2046,26 @@ else
 echo_skipped
 fi
+echononl "\t\tJitsi Video Conferencing Service Outgoing Ports"
+if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+ for _ip in ${jitsi_server_ip_arr[@]} ; do
+ $ipt -A OUTPUT -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
+ $ipt -A OUTPUT -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
+ done
+ fi
+
+ if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
+ for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
+ $ipt -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
+ $ipt -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
+ done
+ fi
+ echo_done
+else
+ echo_skipped
+fi
+
 # ---
 # - TURN Service (for NC Talk App)
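Review bot: The forwarding guard `[[ ${#forward_jitsi_server_ip_arr[@]} ]]` has no comparison, so it tests a non-empty string and is true even when the count is 0; the branch then depends only on `$kernel_forward_between_interfaces`. The loop over an empty array adds no rule, so nothing is opened by mistake today, but the test differs from the `-gt 0` check used for `jitsi_server_ip_arr` just above and will mislead whoever next adds a FORWARD rule outside the loop. Suggested line: `if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then`. The matching hunk in ip6t-firewall-server carries the same test.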