firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add support for Jibri Streamin/Recording.

Browse Source
This commit is contained in:
Christoph 2020-05-16 13:42:22 +02:00
parent b24dcf0a3d
commit fbe1089099
6 changed files with 162 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
conf/default_ports.conf
View File

@ -59,6 +59,10 @@ standard_jitsi_tcp_ports="$standard_http_ports"
standard_jitsi_udp_port_range="10000:20000"
default_jitsi_dovecout_auth_port="$dovecot_external_auth_port"
# - Jibri Service
# -
default_jibri_out_port=5222
# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
# -

22
conf/main_ipv4.conf.sample
View File

@ -403,6 +403,28 @@ jitsi_dovecot_auth=false
jitsi_dovecot_host=""
jitsi_dovecot_port="$default_jitsi_dovecout_auth_port"
# - Jibri extern Client Recording / Streamin
# -
jitsi_jibri_remote_auth=false
# - Remote Jibri servers
# -
# - blank separated list of ipv4 addresses
# -
jitsi_jibri_remote_ips=""
jitsi_jibri_remote_auth_port="$default_jibri_out_port"
# - Jibri Recording / Streaming Service
# -
# - blank separated list of ipv4 addresse
# -
jibri_server_ips=""
# - blank separated list of ipv4 addresse
# -
forward_jibri_server_ips=""
jibri_remote_jitsi_server=""
jibri_remote_auth_port="$default_jibri_out_port"
# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
# -

22
conf/main_ipv6.conf.sample
View File

@ -422,6 +422,28 @@ jitsi_dovecot_auth=false
jitsi_dovecot_host=""
jitsi_dovecot_port="$default_jitsi_dovecout_auth_port"
# - Jibri extern Client Recording / Streamin
# -
jitsi_jibri_remote_auth=false
# - Remote Jibri servers
# -
# - colon separated list of ipv6 addresses
# -
jitsi_jibri_remote_ips=""
jitsi_jibri_remote_auth_port="$default_jibri_out_port"
# - Jibri Recording / Streaming Service
# -
# - colon separated list of ipv6 addresses
# -
jibri_server_ips=""
# - colon separated list of ipv6 addresses
# -
forward_jibri_server_ips=""
jibri_remote_jitsi_server=""
jibri_remote_auth_port="$default_jibri_out_port"
# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
# -

21
conf/post_decalrations.conf
View File

@ -315,6 +315,27 @@ for _ip in $forward_jitsi_server_ips ; do
forward_jitsi_server_ip_arr+=("$_ip")
done
# ---
# - IP Addresses Remote Jibri Server
# ---
declare -a jitsi_jibri_remote_ip_arr
for _ip in $jitsi_jibri_remote_ips ; do
jitsi_jibri_remote_ip_arr+=("$_ip")
done
# ---
# - IP Addresses Jibri Recording / Streaming Server
# ---
declare -a jibri_server_ip_arr
for _ip in $jibri_server_ips ; do
jibri_server_ip_arr+=("$_ip")
done
# DMZ
declare -a forward_jibri_server_ip_arr
for _ip in $forward_jibri_server_ips ; do
forward_jibri_server_ip_arr+=("$_ip")
done
# ---
# - IP Addresses TURN Server (Stun Server) (for Nextcloud 'talk' app)
# ---

50
ip6t-firewall-server
View File

@ -1756,7 +1756,7 @@ if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_mumble_server_ip_arr
done
fi
if [[ ${#forward_mumble_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
if [[ ${#forward_mumble_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
for _ip in ${forward_mumble_server_ip_arr[@]} ; do
$ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $mumble_ports -m state --state NEW -j ACCEPT
$ip6t -A FORWARD -p udp -d $_ip -m multiport --dports $mumble_ports -m state --state NEW -j ACCEPT
@ -1786,7 +1786,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@
done
fi
if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
if ! containsElement "$_ip" "${http_server_ip_arr[@]}" || [[ "$jitsi_tcp_ports" != "$standard_http_ports" ]] ; then
$ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $jitsi_tcp_ports -m state --state NEW -j ACCEPT
@ -1809,7 +1809,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@
done
fi
if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
$ip6t -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
$ip6t -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
@ -1827,7 +1827,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@
$ip6t -A OUTPUT -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT
fi
if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_forward_between_interfaces ; then
if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
$ip6t -A FORWARD -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT
fi
echo_done
@ -1838,6 +1838,48 @@ else
echo_skipped
fi
echononl "\t\tJitsi Remote Jibri Client"
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] \
&& $jitsi_jibri_remote_auth \
&& [[ ${#jitsi_jibri_remote_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${jitsi_jibri_remote_ip_arr[@]} ; do
$ip6t -A INPUT -p tcp -s $_ip --dport $jitsi_jibri_remote_auth_port -m state --state NEW -j ACCEPT
done
echo_done
else
echo_skipped
fi
# ---
# - Jibri Recording / Streaming Service
# ---
echononl "\t\tJibri Recording / Streaming Service"
if [[ ${#jibri_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jibri_server_ip_arr[@]} -gt 0 ]]; then
if [[ -z "$jibri_remote_jitsi_server" ]]; then
echo_skipped
else
if [[ ${#jibri_server_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${jibri_server_ip_arr[@]} ; do
$ip6t -A OUTPUT -p tcp -d $jibri_remote_jitsi_server --dport $jibri_remote_auth_port -m state --state NEW -j ACCEPT
done
fi
if [[ ${#forward_jibri_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
for _ip in ${forward_jibri_server_ip_arr[@]} ; do
$ip6t -A FORWARD -p tcp -d $jibri_remote_jitsi_server --dport $jibri_remote_auth_port -m state --state NEW -j ACCEPT
done
fi
echo_done
fi
else
echo_skipped
fi
# ---
# - TURN Service (for NC Talk App)

51
ipt-firewall-server
View File

@ -2002,7 +2002,7 @@ if [[ ${#mumble_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_mumble_server_ip_arr
done
fi
if [[ ${#forward_mumble_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then
if [[ ${#forward_mumble_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
for _ip in ${forward_mumble_server_ip_arr[@]} ; do
$ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mumble_ports -m state --state NEW -j ACCEPT
$ipt -A FORWARD -p udp -d $_ip -m multiport --dports $mumble_ports -m state --state NEW -j ACCEPT
@ -2032,7 +2032,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@
done
fi
if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then
if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
if ! containsElement "$_ip" "${http_server_ip_arr[@]}" || [[ "$jitsi_tcp_ports" != "$standard_http_ports" ]] ; then
$ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $jitsi_tcp_ports -m state --state NEW -j ACCEPT
@ -2055,7 +2055,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@
done
fi
if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then
if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
for _ip in ${forward_jitsi_server_ip_arr[@]} ; do
$ipt -A FORWARD -p tcp -s $_ip -m multiport --dports $jitsi_tcp_ports_out -m state --state NEW -j ACCEPT
$ipt -A FORWARD -p udp -s $_ip -m multiport --dports $jitsi_udp_ports_out -m state --state NEW -j ACCEPT
@ -2073,7 +2073,7 @@ if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jitsi_server_ip_arr[@
$ipt -A OUTPUT -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT
fi
if [[ ${#forward_jitsi_server_ip_arr[@]} ]] && $kernel_activate_forwarding ; then
if [[ ${#forward_jitsi_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
$ipt -A FORWARD -p tcp -d $jitsi_dovecot_host --dport $jitsi_dovecot_port -m state --state NEW -j ACCEPT
fi
echo_done
@ -2084,6 +2084,49 @@ else
echo_skipped
fi
echononl "\t\tJitsi Remote Jibri Client"
if [[ ${#jitsi_server_ip_arr[@]} -gt 0 ]] \
&& $jitsi_jibri_remote_auth \
&& [[ ${#jitsi_jibri_remote_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${jitsi_jibri_remote_ip_arr[@]} ; do
$ipt -A INPUT -p tcp -s $_ip --dport $jitsi_jibri_remote_auth_port -m state --state NEW -j ACCEPT
done
echo_done
else
echo_skipped
fi
# ---
# - Jibri Recording / Streaming Service
# ---
echononl "\t\tJibri Recording / Streaming Service"
if [[ ${#jibri_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_jibri_server_ip_arr[@]} -gt 0 ]]; then
if [[ -z "$jibri_remote_jitsi_server" ]]; then
echo_skipped
else
if [[ ${#jibri_server_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${jibri_server_ip_arr[@]} ; do
$ipt -A OUTPUT -p tcp -d $jibri_remote_jitsi_server --dport $jibri_remote_auth_port -m state --state NEW -j ACCEPT
done
fi
if [[ ${#forward_jibri_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
for _ip in ${forward_jibri_server_ip_arr[@]} ; do
$ipt -A FORWARD -p tcp -d $jibri_remote_jitsi_server --dport $jibri_remote_auth_port -m state --state NEW -j ACCEPT
done
fi
echo_done
fi
else
echo_skipped
fi
# ---
# - TURN Service (for NC Talk App)
# ---