Denied peer in coturn config?

hi, i just noticed that my jitsi instance was not available anymore when i tried to create a meeting with some friends. so i checked the config of my coturn, because i noticed some errors in the log (denied-peer-range). i found that jitsi replaced the complete coturn config with its own created coturn config and added a bunch of denied peer ranges.
why is that? i commented all of them and now it works again. but i have some doubt that this is a good idea (maybe a security problem?)

Did you perform an upgrade?

oh yes, forgot to mention, i did an upgrade - i do it nearly every day, running the nightly repo on debian 11

Yes, that was updated for security reasons.
Your coturn server should be able to connect to your jvb using its public address and port 10000 udp and work with the denied peers.

coturn and jitsi run on a small server in my room. i use a dyndns service. must they run separately (different machines)?

Nope. Running on same machine is fine.

This means every time the IP changes you need to restart jvb. I would guess that is the reason it was not working with udp and it needed turn which was also not working with denied peers enabled because the bridge ip address was wrong and the turn server also cannot reach it.

i have a static ip (symmetric ftth)

Then can the turnserver access the 10000 udp port on the public address? Probably your router is not allowing that … there are devices not allowing traffic from within the network to go back …
If that is the case, you can leave the deny peer section (jitsi-meet/turnserver.conf at 2174368d23e115781118b23ed6f00ce95ab30beb · jitsi/jitsi-meet · GitHub) so you don’t get it again on next update.
And comment just the rule for jvb … it's still some risk that someone can send random traffic to your internal network …
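An added example, not part of the thread and not Jitsi's or coturn's code: a small checker that reads `denied-peer-ip` lines in turnserver.conf syntax and reports which active range, if any, blocks relaying to a given bridge address. The sample config, the addresses and the function names are constructed for illustration, and only `denied-peer-ip` lines are modelled.

```python
import ipaddress

# Constructed sample in turnserver.conf syntax; not the file Jitsi ships.
SAMPLE_CONF = """\
listening-port=3478
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=::1
"""

def denied_ranges(conf_text):
    """Return [(low, high)] for every active denied-peer-ip line."""
    ranges = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # commented-out rules are inactive
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "denied-peer-ip":
            continue
        low, _, high = value.strip().partition("-")
        low = ipaddress.ip_address(low.strip())
        high = ipaddress.ip_address(high.strip()) if high else low
        ranges.append((low, high))
    return ranges

def denying_rule(conf_text, peer):
    """Return the 'low-high' range that blocks peer, or None if relaying is permitted."""
    addr = ipaddress.ip_address(peer)
    for low, high in denied_ranges(conf_text):
        # IPv4 and IPv6 addresses cannot be ordered against each other.
        if low.version == addr.version and low <= addr <= high:
            return f"{low}-{high}"
    return None

if __name__ == "__main__":
    # Hypothetical addresses: the bridge's LAN address and a documentation-range public one.
    for peer in ("192.168.1.10", "203.0.113.7"):
        print(peer, "->", denying_rule(SAMPLE_CONF, peer) or "not denied")
    # Commenting out only the range that contains the bridge keeps the other blocks.
    relaxed = SAMPLE_CONF.replace("denied-peer-ip=192.168", "# denied-peer-ip=192.168")
    for peer in ("192.168.1.10", "10.0.0.5"):
        print(peer, "->", denying_rule(relaxed, peer) or "not denied")
```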