diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample index e86ceac..60de004 100644 --- a/conf/main_ipv4.conf.sample +++ b/conf/main_ipv4.conf.sample @@ -390,6 +390,12 @@ jitsi_udp_port_range="$standard_jitsi_udp_port_range" jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446" jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446" +# - Jitsi Dovecot Authentication +# - +jitsi_dovecot_auth=false +jitsi_dovecot_host="" +jitsi_dovecot_port="444444" + # - TURN Server (Stun Server) (for Nextcloud 'talk' app) # - diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample index 3f5d8f7..4ce52be 100644 --- a/conf/main_ipv6.conf.sample +++ b/conf/main_ipv6.conf.sample @@ -409,6 +409,12 @@ jitsi_udp_port_range="$standard_jitsi_udp_port_range" jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446" jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446" +# - Jitsi Dovecot Authentication +# - +jitsi_dovecot_auth=false +jitsi_dovecot_host="" +jitsi_dovecot_port="444444" + # - TURN Server (Stun Server) (for Nextcloud 'talk' app) # - diff --git a/ip6t-firewall-server b/ip6t-firewall-server index 7c5d55b..4328235 100755 --- a/ip6t-firewall-server +++ b/ip6t-firewall-server @@ -467,13 +467,13 @@ if [[ -f "$conf_ban_ipv6_list" ]] ; then for _dev in ${ext_if_arr[@]} ; do if $log_blocked_ip || $log_all ; then $ip6t -A INPUT -i $_dev -s $_ip -j $LOG_TARGET $tag_log_prefix "$log_prefix Blocked: " - if $kernel_activate_forwarding ; then + if $kernel_forward_between_interfaces ; then $ip6t -A FORWARD -i $_dev -s $_ip -j $LOG_TARGET $tag_log_prefix "$log_prefix Blocked: " fi fi $ip6t -A INPUT -i $_dev -s $_ip -j DROP - if $kernel_activate_forwarding ; then + if $kernel_forward_between_interfaces ; then $ip6t -A FORWARD -i $_dev -s $_ip -j DROP fi done 
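Review bot: The sample default `jitsi_dovecot_port="444444"` is outside the valid TCP port range (1-65535), both here and in the identical block added to conf/main_ipv6.conf.sample. The firewall scripts only test the value with `[[ -n "$jitsi_dovecot_port" ]]`, so once `jitsi_dovecot_auth=true` and a host are set, this value reaches `--dport` unchanged and the rule would presumably be rejected when the ruleset is loaded. I would ship the sample empty, `jitsi_dovecot_port=""`, with a comment such as `# - TCP port of the Dovecot auth listener (1-65535)`, so the section is skipped until an administrator sets a real port.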
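Review bot: The two scripts now gate their FORWARD rules on different variables. The ban-list hunk in ip6t-firewall-server switches to `$kernel_forward_between_interfaces`, while the ipt-firewall-server hunk at -2055 switches the other way to `$kernel_activate_forwarding`, which the new Dovecot block there also uses. Neither definition is visible in this diff, so please confirm each name is set by the matching configuration. In bash an unset variable in `if $var ; then` expands to an empty command, which succeeds, so a wrong name enables the branch instead of skipping it. That matters most where the branch adds ACCEPT rules; writing the test as `if ${kernel_forward_between_interfaces:-false} ; then` makes it fail closed.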
@@ -1773,7 +1773,7 @@ fi # - Jitsi Video Conferencing Service # --- -echononl "\t\tJitsi Video Conferencing Service Incoming Ports" +echononl "\t\tJitsi Meet Video Conferencing Service Incoming Ports" if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then @@ -1800,7 +1800,7 @@ else echo_skipped fi -echononl "\t\tJitsi Video Conferencing Service Outgoing Ports" +echononl "\t\tJitsi Meet Video Conferencing Service Outgoing Ports" if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then for _ip in ${jitsi_server_ip_arr[@]} ; do @@ -1820,6 +1820,24 @@ else echo_skipped fi +echononl "\t\tJitsi Meet Dovecot Authentication" +if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then + if $jitsi_dovecot_auth && [[ -n "$jitsi_dovecot_host" ]] && [[ -n "$jitsi_dovecot_port" ]] ; then + if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then + $ip6t -A OUTPUT -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT + fi + + if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then + $ip6t -A FORWARD -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT + fi + echo_done + else + echo_skipped + fi +else + echo_skipped +fi + # --- # - TURN Service (for NC Talk App) diff --git a/ipt-firewall-server b/ipt-firewall-server index 2d80f92..b48e3b2 100755 --- a/ipt-firewall-server +++ b/ipt-firewall-server @@ -2019,7 +2019,7 @@ fi # - Jitsi Video Conferencing Service # --- -echononl "\t\tJitsi Video Conferencing Service Incomming Ports" +echononl "\t\tJitsi Meet Video Conferencing Service Incomming Ports" if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then 
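Review bot: The FORWARD rule in the new "Jitsi Meet Dovecot Authentication" block (+1820) has no `-s` match. Any forwarded host, not only the addresses in `forward_jitsi_server_ip_arr`, may therefore open new connections to `$jitsi_dovecot_host` on `$jitsi_dovecot_port`, whereas the Outgoing Ports block just above scopes its FORWARD rules per `_ip`. The guard `[[ ${#forward_jitsi_server_ip_arr[@]} ]]` is also always true because it lacks `-gt 0` (the string "0" is non-empty), so the rule is added even when only `jitsi_server_ip_arr` is populated. The same two points apply to the block added to ipt-firewall-server at +2066. Looping over the array, as sketched below, addresses both.

```shell
# … unchanged: echononl, outer array/auth checks and the OUTPUT rule …
   if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
      for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
         $ip6t -A FORWARD -p tcp -s $_ip -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT
      done
   fi
# … unchanged: echo_done / echo_skipped branches …
```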
@@ -2046,7 +2046,7 @@ else echo_skipped fi -echononl "\t\tJitsi Video Conferencing Service Outgoing Ports" +echononl "\t\tJitsi Meet Video Conferencing Service Outgoing Ports" if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then for _ip in ${jitsi_server_ip_arr[@]} ; do @@ -2055,7 +2055,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@ done fi - if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then + if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then for _ip in ${forward_jitsi_server_ip_arr[@]} ; do $ipt -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT $ipt -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT @@ -2066,6 +2066,23 @@ else echo_skipped fi +echononl "\t\tJitsi Meet Dovecot Authentication" +if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then + if $jitsi_dovecot_auth && [[ -n "$jitsi_dovecot_host" ]] && [[ -n "$jitsi_dovecot_port" ]] ; then + if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then + $ipt -A OUTPUT -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT + fi + + if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then + $ipt -A FORWARD -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT + fi + echo_done + else + echo_skipped + fi +else + echo_skipped +fi # --- # - TURN Service (for NC Talk App)