Firewall rule for octo port 4096

I have configured octo for two different JMS frontends with multiple videobridges for backend. All of there are standalone hosts with public IP-s. It works. But now I’m wondering … Does UDP port 4096 on JVBs need to be open for all the world or just for the frontend hosts (jicofo)?

This port is used only by jvbs so it should be accessible only for the jvbs. You also want to protect the traffic if it is going over the Internet and if you are using colibri1. You can switch to colibri2 where traffic is encrypted but it also requires websockets between bridges.

How can I switch to colibri2? I do use Colibri websockets and IntraRegionBBridgeSelectionStrategy (I have only one region) and I’m seeing this in jicofo log:

... ColibriV1SessionManager.updateOctoRelays#540: Updating Octo relays: [
... BridgeSession.setRelays#359: Updating Octo relays for Bridge[jid=jvbbrewery@internal.auth....

You have to update to the latest Unstable or wait till the new Stable is pushed out (which should be very soon, if I’m not mistaken).