Possibility to disable TURN service

msbt

My Cloudrons host various .at domains and apparently the CERT.at (Computer Emergency Response Team) is very motivated to keep those domains "clean". I received multiple emails over the last few weeks that those domains/servers contain services that may be susceptible to hacking attacks:

2024-08-14T06:18:53+02;123.123.123.123;udp;3478;session traversal utilities for nat;my.example.at;;;;24940;DE;Nuremberg;vulnerable;ddos-amplifier;open-stun;;;;;shadowserver-accessible-stun-service;;;;"{""amplification"": 4.2, ""tag"": ""stun""}";;;https://cert.at/de/services/daten-feeds/vulnerable/#accessible-stun;
https://www.shadowserver.org/what-we-do/network-reporting/accessible-stun-service-report/

Unsure how to solve this and keep using voip apps, but as a first step it would be nice to have the option to disable the service/port without touching an external firewall if they're not in use.

joseph

A temporary workaround: docker stop turn . Some platform updates might turn back the turn service on though (when updating the turn docker image).