From e3f190cd68a35d87d47fc2c584630fc3db8d89bc Mon Sep 17 00:00:00 2001 From: Arthur Wolf Date: Mon, 4 Mar 2024 23:41:47 +0100 Subject: [PATCH] Update ports table according to WPB-2043 --- docs/src/how-to/install/sft.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/src/how-to/install/sft.md b/docs/src/how-to/install/sft.md index 9074bd93a21..dec1f3bf113 100644 --- a/docs/src/how-to/install/sft.md +++ b/docs/src/how-to/install/sft.md @@ -123,6 +123,7 @@ An SFT instance does **not** communicate with other SFT instances, TURN does tal Recapitulation table: ```{eval-rst} + +----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Name | Origin | Destination | Direction | Protocol | Ports | Action (Policy) | Description | +============================+=============+=============+===========+==========+=============================================================================+======================================+===============================================================================================================================================================================================+ 
@@ -136,8 +137,19 @@ Recapitulation table: +----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Allowing SFT media ingress | Any | Here | Incoming | UDP | 32768-61000 | Allow | Allow ports in the "Ephemeral range" (https://en.wikipedia.org/wiki/Ephemeral_port), defined by the Linux Kernel ass the range from ports 32768 to 61000, used for UDP transmission of media. | +----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+ | -| Allowing SFT media egress | Here | Anny | Outgoing | UDP | 32768-61000 | Allow | | +| Allowing SFT media egress | Here | Any | Outgoing | UDP | 32768-61000 | Allow | | ++----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Federation traffic in | Any | Here | Incoming | UDP/DTLS | 9191 | Allow | The TURN-servers communicate via this port. Either encrypted or unencrypted. 
| ++----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+ | +| Federation traffic out | Here | Any | Outgoing | UDP/DTLS | 9191 | Allow | | ++----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Coturn control in | Any | Here | Incoming | TCP | 3478 | Allow | (STUN and TURN (TCP), helm setting: `coturn:coturnTurnListenPort`) | +----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Coturn control in (TLS) | Any | Here | Incoming | TCP/TLS | 3478 | Allow | (STUN and TURN (TLS via TCP), helm setting: `coturn:coturnTurnTlsListenPort`) | ++----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Coturn control in (UDP) | Any | Here | Incoming | UDP | 3478 | Allow | (STUN and TURN (UDP), helm setting: `coturn:coturnTurnListenPort`) | 
++----------------------------+-------------+-------------+-----------+----------+-----------------------------------------------------------------------------+--------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + ``` *For more information, please refer to the source code of the Ansible role:* [sft-server](https://github.com/wireapp/ansible-sft/blob/develop/roles/sft-server/tasks/traffic.yml).
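Review bot: in the second hunk the `Coturn control in` (TCP) row and the `Coturn control in (TLS)` row both list port 3478 while pointing at different helm settings (`coturn:coturnTurnListenPort` vs `coturn:coturnTurnTlsListenPort`); two listeners cannot bind the same TCP port, so one of the two values is wrong and the TLS row should carry the real default of `coturnTurnTlsListenPort`, otherwise an operator who builds firewall rules from this table never opens the TLS listener. Two smaller points in the same hunk: the `Federation traffic in` description "Either encrypted or unencrypted." should say which setting decides that, since this row is what an operator uses to judge whether 9191 carries plaintext across the network; and the unchanged ingress row just above still reads "defined by the Linux Kernel ass the range", which is worth correcting to "as" while the table is being touched.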