- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Mon, 14 Oct 2013 08:22:56 +0200
- To: public-webrtc@w3.org
- Message-ID: <525B8DC0.6050307@alvestrand.no>
On 10/14/2013 06:34 AM, IƱaki Baz Castillo wrote: > Hi, > > I have public IP in my computer which runs some UDP daemons (i.e. a > SIP server). I don't want to expose such a SIP server to all the world > so I set iptables to block incoming UDP traffic (unless it is in > response to UDP traffic send from my computer to the exact origin of > the incoming one). > > The problem is that with WebRTC I must be able to listen in any local > UDP port, and thus I cannot set iptables. WebRTC initialization should always begin with an ICE packet coming from your computer. Doesn't it work to set "related" for UDP? http://www.iptables.info/en/connection-state.html#UDPCONNECTIONS shows some description (and says that the default timeout is 180 seconds, which should be enough for WebRTC's choice of keepalives). > > So, should the browser include in "advanced settings" some kind of > "rtp-port-min" and "rtp-port-max"? IHMO assuming "always NAT" is not > good. > > Thanks a lot. >
Received on Monday, 14 October 2013 06:23:26 UTC