From dcbe4605bcc65cd8a028377f354dba557625adca Mon Sep 17 00:00:00 2001
From: Christoph
Date: Thu, 23 Apr 2020 15:12:29 +0200
Subject: [PATCH] Add outgoing ports needed by jitsi service (discover public address fronm stun services).
---
 conf/main_ipv4.conf.sample | 5 +++++
 conf/main_ipv6.conf.sample | 5 +++++
 ip6t-firewall-server | 22 +++++++++++++++++++++-
 ipt-firewall-server | 22 +++++++++++++++++++++-
 4 files changed, 52 insertions(+), 2 deletions(-)
diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample
index 27bd802..e86ceac 100644
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@@ -385,6 +385,11 @@ forward_jitsi_server_ips=""
 jitsi_tcp_ports="$standard_jitsi_tcp_ports"
 jitsi_udp_port_range="$standard_jitsi_udp_port_range"
+# - Jitsi (outgoing) Ports (STUN Services)
+# -
+jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446"
+jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446"
+
 # - TURN Server (Stun Server) (for Nextcloud 'talk' app)
 # -
diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample
index 4f23108..3f5d8f7 100644
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@@ -404,6 +404,11 @@ forward_jitsi_server_ips=""
 jitsi_tcp_ports="$standard_jitsi_tcp_ports"
 jitsi_udp_port_range="$standard_jitsi_udp_port_range"
+# - Jitsi (outgoing) Ports (STUN Services)
+# -
+jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446"
+jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446"
+
 # - TURN Server (Stun Server) (for Nextcloud 'talk' app)
 # -
diff --git a/ip6t-firewall-server b/ip6t-firewall-server
index 60e2c2b..7c5d55b 100755
--- a/ip6t-firewall-server
+++ b/ip6t-firewall-server
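Review bot: The new `jitsi_tcp_ports_out` / `jitsi_udp_ports_out` lines say nothing about what the hard-coded 4443–4446 are for, nor why `$standard_http_ports` appears only on the UDP list, even though these values become an egress allow-list in ipt-firewall-server and ip6t-firewall-server. The header comment says "(STUN Services)", but STUN/TURN is presumably already covered by `$standard_turn_service_ports`; 4443–4446 look like the videobridge's own TCP fallback ports and the UDP http ports presumably target a public STUN mapping service answering on 443/UDP — both should be confirmed and written down, e.g. `# - STUN/TURN ports plus JVB fallback ports 4443-4446; used as an egress allow-list, narrow if unused`. The same two values are duplicated verbatim in main_ipv6.conf.sample, so either a note that both files must be kept in sync or a shared `standard_jitsi_*_ports_out` default, as the incoming lists already use with `$standard_jitsi_tcp_ports`, would avoid drift.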
@@ -1773,7 +1773,7 @@ fi
 # - Jitsi Video Conferencing Service
 # ---
-echononl "\t\tJitsi Video Conferencing Service"
+echononl "\t\tJitsi Video Conferencing Service Incoming Ports"
 if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
@@ -1800,6 +1800,26 @@ else
 echo_skipped
 fi
+echononl "\t\tJitsi Video Conferencing Service Outgoing Ports"
+if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+ for _ip in ${jitsi_server_ip_arr[@]} ; do
+ $ip6t -A OUTPUT -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
+ $ip6t -A OUTPUT -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
+ done
+ fi
+
+ if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
+ for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
+ $ip6t -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
+ $ip6t -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
+ done
+ fi
+ echo_done
+else
+ echo_skipped
+fi
+
 # ---
 # - TURN Service (for NC Talk App)
diff --git a/ipt-firewall-server b/ipt-firewall-server
index 1ddd312..2d80f92 100755
--- a/ipt-firewall-server
+++ b/ipt-firewall-server
@@ -2019,7 +2019,7 @@ fi
 # - Jitsi Video Conferencing Service
 # ---
-echononl "\t\tJitsi Video Conferencing Service"
+echononl "\t\tJitsi Video Conferencing Service Incomming Ports"
 if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
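Review bot: The OUTPUT and FORWARD rules added in the -1800 hunk accept NEW connections from each Jitsi address to the listed ports with no `-d` match, so the egress allow-list (the TURN ports, 4443–4446 and, on UDP, the http ports) is open towards any destination rather than towards the STUN/TURN services the commit message names. If the goal is only to reach a few known STUN servers, a configurable destination list (for instance a `jitsi_stun_server_ips` array next to `jitsi_server_ips` in the sample config) and a `-d "$_dst"` on each rule would confine the hole to those hosts; if any-destination is intended, that should at least be said in a comment above the block. Separately, `if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then` is always true, because `${#arr[@]}` expands to a non-empty string (`0`) even for an empty array; the check one block above and the outer condition both use `-gt 0`, so this line should read `if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then`. It is harmless today only because the `for` loop over an empty array runs zero times.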
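Review bot: The new label in the -2019 hunk is misspelled (`Incomming`) and disagrees with the ip6t-firewall-server counterpart in this same patch, which prints `Incoming Ports`; this text is what the operator sees while the rules load, so the two scripts should print the same thing: `echononl "\t\tJitsi Video Conferencing Service Incoming Ports"`. The `if` block that follows the label continues outside the hunk.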
@@ -2046,6 +2046,26 @@ else
 echo_skipped
 fi
+echononl "\t\tJitsi Video Conferencing Service Outgoing Ports"
+if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
+ for _ip in ${jitsi_server_ip_arr[@]} ; do
+ $ipt -A OUTPUT -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
+ $ipt -A OUTPUT -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
+ done
+ fi
+
+ if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
+ for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
+ $ipt -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
+ $ipt -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
+ done
+ fi
+ echo_done
+else
+ echo_skipped
+fi
+
 # ---
 # - TURN Service (for NC Talk App)
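Review bot: `if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then` tests whether the array length is a non-empty string, which it always is (`0` for an empty array), so the condition collapses to `$kernel_forward_between_interfaces`; the check one block above and the outer condition use `-gt 0`, and this line should too: `if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then`. It is only masked because the `for` loop over an empty array runs zero times. The `--dports $jitsi_tcp_ports_out` / `--dports $jitsi_udp_ports_out` arguments are also unquoted and unguarded: if an admin empties either list in main_ipv4.conf to turn the egress rules off, the word disappears and iptables would most likely parse `--dports -m` and abort the rule load, so the rule should be skipped when the variable is empty, e.g. `[[ -n "$jitsi_tcp_ports_out" ]] && $ipt -A OUTPUT ...`. Both points apply equally to the identical IPv6 block in ip6t-firewall-server.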