Add to /etc/pf.conf:
block out proto udp from any to any
block in proto udp from any to any
pass out proto udp from any to any port 53
pass in proto udp from any to any port 53
To apply:
sudo pfctl -f /etc/pf.conf
sudo pfctl -e
# Generated by iptables-save v1.8.7 on Mon Apr 25 06:01:03 2022
*filter
:INPUT ACCEPT [332:51864]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [308:400554]
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p udp -j DROP
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -j DROP
COMMIT
# Completed on Mon Apr 25 06:01:03 2022
Best practices for TURN configuration for Janus. The frontend app needs to configure 2 ICE servers:
- STUN: any server, or a Google one. Sample: stun:stun1.l.google.com:19302
- TURN with a TCP port and the transport marker in the URL. Sample: turn:coturn.trembit.com:443?transport=tcp. Note the ?transport=tcp suffix.

On the TURN server, TLS needs to be enabled on port 443. Sample: https://nextcloud-talk.readthedocs.io/en/turn_doc/TURN/#31-dtls-configuration
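
The two ICE servers listed above, written as a frontend configuration with a check that a TCP TURN relay is present for clients on networks that drop UDP (as the firewall rules at the top do). This is an added example, not code from the original page; the credential values are placeholders and `parseIceUrl` / `checkIceServers` are hypothetical helper names.

```javascript
// Added example; credentials are placeholders, the page does not give any.
const iceServers = [
  { urls: "stun:stun1.l.google.com:19302" },
  {
    urls: "turn:coturn.trembit.com:443?transport=tcp",
    username: "TURN_USERNAME_PLACEHOLDER",
    credential: "TURN_PASSWORD_PLACEHOLDER",
  },
];

// Split a stun:/turn: URI (RFC 7064 / RFC 7065 syntax) into its parts.
function parseIceUrl(url) {
  const m = /^(stuns?|turns?):(\[[^\]]+\]|[^:?]+)(?::(\d+))?(?:\?transport=(udp|tcp))?$/i.exec(url);
  if (!m) return null;
  const scheme = m[1].toLowerCase();
  const secure = scheme.endsWith("s");
  return {
    scheme,
    host: m[2],
    port: m[3] ? Number(m[3]) : (secure ? 5349 : 3478),
    // Without ?transport=, turn: defaults to UDP and turns: to TCP.
    transport: m[4] ? m[4].toLowerCase() : (secure ? "tcp" : "udp"),
  };
}

// Return a list of problems; an empty list means the config matches the advice above.
function checkIceServers(servers) {
  const problems = [];
  let hasStun = false;
  let hasTcpTurn = false;
  for (const s of servers) {
    for (const url of [].concat(s.urls)) {
      const p = parseIceUrl(url);
      if (!p) { problems.push(`unparsable ICE URL: ${url}`); continue; }
      if (p.scheme.startsWith("stun")) hasStun = true;
      if (p.scheme.startsWith("turn")) {
        if (!s.username || !s.credential) problems.push(`TURN entry without credentials: ${url}`);
        if (p.transport === "tcp") hasTcpTurn = true;
      }
    }
  }
  if (!hasStun) problems.push("no STUN server configured");
  if (!hasTcpTurn) problems.push("no TURN server over TCP: relay fails where UDP is blocked");
  return problems;
}

// In the browser: new RTCPeerConnection({ iceServers })
console.log(checkIceServers(iceServers));
```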