Ron F. wrote: > Hi PasTim, > > Assuming that one's server is running LMS on a Linux-based server, and > using netfilter/iptables for the firewall, then I found a couple of > things that might be useful... > > By default Stateful Packet Inspection is not enabled; however it can be > using conntrack, which enables netfilter connection tracking. This seems > a bit outside my wheelhouse, and I will have to do some studying to > understand how it works. > > Secondly, this article, specifically discussing UPnP SSDP, is more > accessible with my limited understanding of netfilter: > https://serverfault.com/questions/250797/stateful-matching-of-multicast-responses-in-iptables > > Thirdly, it is possible to track port scanning attempts using PSAD, and > it can generate new firewall rules to block access from outside machines > that might be attempting an intrusion, see: > https://blog.rapid7.com/2017/06/24/how-to-install-and-use-psad-ids-on-ubuntu-linux/ > > In retrospect, my earlier request I made to Philippe was not reasonable, > and I simply did not know enough to know it, so I apologize for that. > SSDP Discovery works in a particular way ... and that is the way it is. That's very interesting. I didn't know there were other tweaks you could make to firewalls in the manner suggested, granting temporary access after an initial request.
Let us know how you get on. I'm none too clever at much of this stuff, so I may not try myself for a while. The 2nd article seems to suggest that without doing anything else one may be able to get better protection for unpredictable UPnP ports. The third proposes yet more software, that I guess one has to trust, to protect against abuse of these (and other) open ports (however temporarily). Stuff to ponder. LMS 7.9.2 on PC, Xubuntu 18.04, FLACs 16->24 bit, 44.1->192kbps. 2 Touchs & EDO. LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (A308CR amp & ESLs) & Marantz CR603 UPnP renderers. Also Minimserver & Upplay to same & to upmpdcli/mpd PC renderers. Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones. Wireless Xubuntu 18.04 laptop firefox/upplay or Android 'phone with Squeeze-Commander/BubbleUPnP controls LMS/Minimserver. ------------------------------------------------------------------------ PasTim's Profile: http://forums.slimdevices.com/member.php?userid=41642 View this thread: http://forums.slimdevices.com/showthread.php?t=103728 _______________________________________________ plugins mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/plugins
