Add support for Jitsi Meet Authentication against dovecot.

Christoph 2020-04-26 10:16:32 +02:00
parent dcbe4605bc
commit df10be0d45
4 changed files with 54 additions and 7 deletions


@ -390,6 +390,12 @@ jitsi_udp_port_range="$standard_jitsi_udp_port_range"
jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446" jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446"
jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446" jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446"
# - Jitsi Dovecot Authentication
# -
jitsi_dovecot_auth=false
jitsi_dovecot_host=""
jitsi_dovecot_port="444444"
# - TURN Server (Stun Server) (for Nextcloud 'talk' app) # - TURN Server (Stun Server) (for Nextcloud 'talk' app)
# - # -
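Review bot: The new default `jitsi_dovecot_port="444444"` is not a valid TCP port (the maximum is 65535), so once `jitsi_dovecot_auth` is set to true with a host, the `--dport $jitsi_dovecot_port` rule in the firewall scripts will presumably be rejected when it is loaded. The same default appears in the second configuration file section of this commit. Either leave the value empty like `jitsi_dovecot_host=""`, so that the `-n` check in the scripts skips the rule, or set the port the Dovecot auth listener really uses. A comment above the three settings should also say whether `jitsi_dovecot_host` expects an IP address, since a hostname passed to `-d` is resolved only once, when the rule is loaded.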


@ -409,6 +409,12 @@ jitsi_udp_port_range="$standard_jitsi_udp_port_range"
jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446" jitsi_tcp_ports_out="$standard_turn_service_ports,4443,4444,4445,4446"
jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446" jitsi_udp_ports_out="$standard_http_ports,$standard_turn_service_ports,4443,4444,4445,4446"
# - Jitsi Dovecot Authentication
# -
jitsi_dovecot_auth=false
jitsi_dovecot_host=""
jitsi_dovecot_port="444444"
# - TURN Server (Stun Server) (for Nextcloud 'talk' app) # - TURN Server (Stun Server) (for Nextcloud 'talk' app)
# - # -


@ -467,13 +467,13 @@ if [[ -f "$conf_ban_ipv6_list" ]] ; then
for _dev in ${ext_if_arr[@]} ; do for _dev in ${ext_if_arr[@]} ; do
if $log_blocked_ip || $log_all ; then if $log_blocked_ip || $log_all ; then
$ip6t -A INPUT -i $_dev -s $_ip -j $LOG_TARGET $tag_log_prefix "$log_prefix Blocked: " $ip6t -A INPUT -i $_dev -s $_ip -j $LOG_TARGET $tag_log_prefix "$log_prefix Blocked: "
if $kernel_activate_forwarding ; then if $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -i $_dev -s $_ip -j $LOG_TARGET $tag_log_prefix "$log_prefix Blocked: " $ip6t -A FORWARD -i $_dev -s $_ip -j $LOG_TARGET $tag_log_prefix "$log_prefix Blocked: "
fi fi
fi fi
$ip6t -A INPUT -i $_dev -s $_ip -j DROP $ip6t -A INPUT -i $_dev -s $_ip -j DROP
if $kernel_activate_forwarding ; then if $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -i $_dev -s $_ip -j DROP $ip6t -A FORWARD -i $_dev -s $_ip -j DROP
fi fi
done done
@ -1773,7 +1773,7 @@ fi
# - Jitsi Video Conferencing Service # - Jitsi Video Conferencing Service
# --- # ---
echononl "\t\tJitsi Video Conferencing Service Incoming Ports" echononl "\t\tJitsi Meet Video Conferencing Service Incoming Ports"
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
@ -1800,7 +1800,7 @@ else
echo_skipped echo_skipped
fi fi
echononl "\t\tJitsi Video Conferencing Service Outgoing Ports" echononl "\t\tJitsi Meet Video Conferencing Service Outgoing Ports"
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${jitsi_server_ip_arr[@]} ; do for _ip in ${jitsi_server_ip_arr[@]} ; do
@ -1820,6 +1820,24 @@ else
echo_skipped echo_skipped
fi fi
echononl "\t\tJitsi Meet Dovecot Authentication"
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
if $jitsi_dovecot_auth && [[ -n "$jitsi_dovecot_host" ]] && [[ -n "$jitsi_dovecot_port" ]] ; then
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
$ip6t -A OUTPUT -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT
fi
if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT
fi
echo_done
else
echo_skipped
fi
else
echo_skipped
fi
# --- # ---
# - TURN Service (for NC Talk App) # - TURN Service (for NC Talk App)
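Review bot: The FORWARD rule added under "Jitsi Meet Dovecot Authentication" has no `-s` match, so it accepts new TCP connections to `$jitsi_dovecot_host` on `$jitsi_dovecot_port` from every forwarded source, whereas the neighbouring Jitsi rules loop over `forward_jitsi_server_ip_arr` and use `-s $_ip`. Its guard `[[ ${#forward_jitsi_server_ip_arr[@]} ]]` is also always true, because the count expands to a non-empty string even when it is `0`; without a loop around the rule this means it is installed even if no forwarded Jitsi server is configured. The `$ipt` version of this block in the last file section has the same two problems (there with `$kernel_activate_forwarding`). Scoping the rule per forwarded server and testing the count with `-gt 0`, as below, keeps the opening limited to the Jitsi hosts; the expansions are quoted as well.

```shell
# … unchanged: echononl line, outer checks and the OUTPUT rule …
if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
   for _ip in "${forward_jitsi_server_ip_arr[@]}" ; do
      $ip6t -A FORWARD -p tcp -s "$_ip" -d "$jitsi_dovecot_host" --dport "$jitsi_dovecot_port" -m state --state NEW -j ACCEPT
   done
fi
# … unchanged: echo_done / echo_skipped branches …
```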


@ -2019,7 +2019,7 @@ fi
# - Jitsi Video Conferencing Service # - Jitsi Video Conferencing Service
# --- # ---
echononl "\t\tJitsi Video Conferencing Service Incomming Ports" echononl "\t\tJitsi Meet Video Conferencing Service Incomming Ports"
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
@ -2046,7 +2046,7 @@ else
echo_skipped echo_skipped
fi fi
echononl "\t\tJitsi Video Conferencing Service Outgoing Ports" echononl "\t\tJitsi Meet Video Conferencing Service Outgoing Ports"
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${jitsi_server_ip_arr[@]} ; do for _ip in ${jitsi_server_ip_arr[@]} ; do
@ -2055,7 +2055,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@
done done
fi fi
if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then
for _ip in ${forward_jitsi_server_ip_arr[@]} ; do for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
$ipt -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT $ipt -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
$ipt -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT $ipt -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
@ -2066,6 +2066,23 @@ else
echo_skipped echo_skipped
fi fi
echononl "\t\tJitsi Meet Dovecot Authentication"
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] ; then
if $jitsi_dovecot_auth && [[ -n "$jitsi_dovecot_host" ]] && [[ -n "$jitsi_dovecot_port" ]] ; then
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] ; then
$ipt -A OUTPUT -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT
fi
if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then
$ipt -A FORWARD -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT
fi
echo_done
else
echo_skipped
fi
else
echo_skipped
fi
# --- # ---
# - TURN Service (for NC Talk App) # - TURN Service (for NC Talk App)