
Re: Restrict local UDP ports in browser "advanced settings"

From: Harald Alvestrand <harald@alvestrand.no>
Date: Mon, 14 Oct 2013 08:22:56 +0200
Message-ID: <525B8DC0.6050307@alvestrand.no>
To: public-webrtc@w3.org
On 10/14/2013 06:34 AM, Iñaki Baz Castillo wrote:
> Hi,
>
> I have public IP in my computer which runs some UDP daemons (i.e. a
> SIP server). I don't want to expose such a SIP server to all the world
> so I set iptables to block incoming UDP traffic (unless it is in
> response to UDP traffic sent from my computer to the exact origin of
> the incoming one).
>
> The problem is that with WebRTC I must be able to listen in any local
> UDP port, and thus I cannot set iptables.

WebRTC initialization should always begin with an ICE packet coming from 
your computer.
Doesn't it work to set "related" for UDP?

http://www.iptables.info/en/connection-state.html#UDPCONNECTIONS shows 
some description (and says that the default timeout is 180 seconds, 
which should be enough for WebRTC's choice of keepalives).

>
> So, should the browser include in "advanced settings" some kind of
> "rtp-port-min" and "rtp-port-max"? IMHO assuming "always NAT" is not
> good.
>
> Thanks a lot.
>
Received on Monday, 14 October 2013 06:23:26 UTC
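
The filtering behaviour discussed in this message, as an added example that is not part of the original thread: a simplified Python model of a stateful UDP filter, showing that an inbound datagram is admitted only after the local host has sent to that exact address and only while the entry is alive. It is not Linux conntrack code; the class and function names and all addresses are constructed, and the single 180-second timeout is the figure quoted in the message.

```python
# Simplified model of stateful UDP filtering (illustration only, not conntrack).
from dataclasses import dataclass, field

UDP_TIMEOUT = 180  # seconds; the default quoted in the message above


@dataclass
class UdpStateFirewall:
    timeout: int = UDP_TIMEOUT
    # (local_port, remote_ip, remote_port) -> time at which the entry expires
    flows: dict = field(default_factory=dict)

    def outbound(self, now, local_port, remote_ip, remote_port):
        """Local host sends a datagram: create or refresh the flow entry."""
        self.flows[(local_port, remote_ip, remote_port)] = now + self.timeout
        return "ACCEPT"

    def inbound(self, now, remote_ip, remote_port, local_port):
        """Accept only datagrams matching a live flow opened from this host."""
        key = (local_port, remote_ip, remote_port)
        expires = self.flows.get(key)
        if expires is None or now >= expires:
            self.flows.pop(key, None)  # expired entries are forgotten
            return "DROP"
        self.flows[key] = now + self.timeout  # reply traffic refreshes the entry
        return "ACCEPT"


def demo():
    fw = UdpStateFirewall()
    peer = ("203.0.113.7", 50000)     # constructed ICE peer address
    scanner = ("198.51.100.9", 5060)  # constructed unrelated host
    return [
        fw.inbound(0, *scanner, 5060),     # unsolicited packet to the SIP port
        fw.outbound(1, 40000, *peer),      # first ICE packet leaves this host
        fw.inbound(2, *peer, 40000),       # answer from that exact origin
        fw.inbound(3, *scanner, 40000),    # same local port, different source
        fw.outbound(30, 40000, *peer),     # keepalive inside the timeout
        fw.inbound(200, *peer, 40000),     # flow still alive
        fw.inbound(381, *peer, 40000),     # silent for longer than the timeout
    ]


if __name__ == "__main__":
    print(demo())
```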
