feat: add coturn to matrix

2026-03-03 09:51:47 +01:00 · 2026-03-03 09:51:47 +01:00 · 709af80e73
commit 709af80e73
parent 8451acdd8f
6 changed files with 174 additions and 98 deletions
--- a/hosts/fw/modules/firewall.nix
+++ b/hosts/fw/modules/firewall.nix
@ -74,6 +74,9 @@
              # Allow returning traffic from wan and drop everthing else
              iifname "wan" ct state { established, related } accept comment "Allow established traffic"
              iifname "wan" icmp type { echo-request, destination-unreachable, time-exceeded } counter accept comment "Allow select ICMP"
+              iifname "wan" udp dport { 3478, 5349 } counter accept comment "TURN/STUN UDP"
+              iifname "wan" tcp dport { 3478, 5349 } counter accept comment "TURN/STUN TCP + TURNS/TLS"
+              iifname "wan" udp dport { 49152-49999 } counter accept comment "TURN relay UDP range"
              iifname "wan" counter drop comment "Drop all other unsolicited traffic from wan"

              limit rate 60/minute burst 100 packets log prefix "Input - Drop: " comment "Log any unmatched traffic"