Merge pull request #3920 from wireapp/arthurwolf-WPB-2043-port-edit
Update ports table according to WPB-2043
arthurwolf authored Apr 9, 2024
2 parents 84d361b + e3f190c commit c650c7e
Showing 1 changed file with 13 additions and 1 deletion.
14 changes: 13 additions & 1 deletion docs/src/how-to/install/sft.md
Expand Up @@ -123,6 +123,7 @@ An SFT instance does **not** communicate with other SFT instances, TURN does tal
Recapitulation table:

```{eval-rst}
+----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name | Origin | Destination | Direction | Protocol | Ports | Action (Policy) | Description |
+============================+=============+=============+===========+==========+=============================================================================+======================================+===============================================================================================================================================================================================+
Expand All @@ -136,8 +137,19 @@ Recapitulation table:
+----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Allowing SFT media ingress | Any | Here | Incoming | UDP | 32768-61000 | Allow | Allow ports in the "Ephemeral range" (https://en.wikipedia.org/wiki/Ephemeral_port), defined by the Linux Kernel ass the range from ports 32768 to 61000, used for UDP transmission of media. |
+----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+ |
| Allowing SFT media egress | Here | Anny | Outgoing | UDP | 32768-61000 | Allow | |
| Allowing SFT media egress | Here | Any | Outgoing | UDP | 32768-61000 | Allow | |
+----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Federation traffic in | Any | Here | Incoming | UDP/DTLS | 9191 | Allow | The TURN-servers communicate via this port. Either encrypted or unencrypted. |
+----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+ |
| Federation traffic out | Here | Any | Outgoing | UDP/DTLS | 9191 | Allow | |
+----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Coturn control in | Any | Here | Incoming | TCP | 3478 | Allow | (STUN and TURN (TCP), helm setting: `coturn:coturnTurnListenPort`) |
+----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Coturn control in (TLS) | Any | Here | Incoming | TCP/TLS | 3478 | Allow | (STUN and TURN (TLS via TCP), helm setting: `coturn:coturnTurnTlsListenPort`) |
+----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Coturn control in (UDP) | Any | Here | Incoming | UDP | 3478 | Allow | (STUN and TURN (UDP), helm setting: `coturn:coturnTurnListenPort`) |
+----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

```

*For more information, please refer to the source code of the Ansible role:* [sft-server](https://github.com/wireapp/ansible-sft/blob/develop/roles/sft-server/tasks/traffic.yml).
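
Review bot: The new "Coturn control in (TLS)" row lists port 3478, the same port as the plain TCP "Coturn control in" row, although the two rows cite different helm settings (`coturn:coturnTurnListenPort` and `coturn:coturnTurnTlsListenPort`). A plain listener and a TLS listener would not normally share one TCP port, and the IANA-registered port for STUN/TURN over TLS is 5349, so please confirm the value against the chart default for `coturnTurnTlsListenPort` and correct the row if it was copied from the line above. Two smaller points in the same hunk: the table sits inside an `{eval-rst}` block, where single backticks are interpreted text rather than inline code, so the helm setting names need double backticks to render as literals; and since this change already fixes "Anny", the "ass the range" typo in the "Allowing SFT media ingress" description could be fixed with it. The federation rows also allow 9191 from and to Any while the description says the traffic may be unencrypted; consider stating when DTLS is in use and whether the origin can be narrowed to the federated TURN servers.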
