PasTim wrote:
> Ron F. I tried this.
> I removed my over-generous 30000:60000 port range access from a UPnP
> device.
> I installed ipset, and entered the 3 commands (under sudo) exactly as in
> the article, ie:
>
> Code:
> --------------------
> sudo ipset create upnp hash:ip,port timeout 3
> sudo iptables -A OUTPUT -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j SET --add-set upnp src,src --exist
> sudo iptables -A INPUT -p udp -m set --match-set upnp dst,dst -j ACCEPT
> --------------------
>
> My server sends broadcasts from its IP, a port like 53067 (for
> instance) to 239.255.255.250 port 1900.
>
> However, the responses from a UPnP device, port 1900, to my server IP,
> matching port 53067 (for instance), are blocked. When I quickly look
> at
>
> Code:
> --------------------
> sudo ipset list upnp
> --------------------
>
> I see no entries (which I assumed were going to be transiently created
> by the 1st iptables command)
>
> I have to admit that every time I look at a ufw log I seem to find
> different things going on, so I can't be sure that the above is
> consistent.
>
> Have you tried?

Hi PasTim,

I have been playing with this and I cannot get it to work either. I increased the ipset timeout to 60 seconds, in case I was missing the creation of any temporary rules, and I have concluded that they are just not being created. I guess I have to do a lot more reading about how ipset works. I see the two rules that were added to iptables, according to the directions - and they look correct, but the setup is not working.

Additionally, I see using Wireshark, that BubbleUPnP sends a bunch of SSDP Notify messages to port 1900, without being prompted, when it starts up. I have port 1900 open on my server, but the UPnPBridge plugin does not appear to see them. It periodically sends out an SSDP M-Search broadcast, not aware that a bunch of Notify packets had been received on port 1900.

Amusingly, psad is now telling me that my phone, running BubbleUPnP, because of all the port knocking going on during my testing, is potentially trying to hack into my server!

*Living Room:* SB Touch + DIY PSU > CI Audio VDA.2 DAC + VAC.1 PSU > VRX.1 cables > Emotiva XSP-1 Gen 2 preamp + XPA-DR2 amp > Blue Jeans cables > B&W 804 speakers
*Laptop:* System76 Galago + Ubuntu 16.04 + Squeezelite + Material Skin > ifi USB iSilencer > Audirect Beam DAC > Senn IE 80 earbuds
*Bedroom:* Android Phone + SB Player + Squeeze Ctrl > Bluetooth > Bose SoundLink Revolve
*Server:* Puget Systems Serenity + Ubuntu 18.04 + LMS 7.9.2
*Music:* Personal FLAC, Radio Paradise FLAC, Qobuz, Spotify
------------------------------------------------------------------------
Ron F.'s Profile: http://forums.slimdevices.com/member.php?userid=5616
View this thread: http://forums.slimdevices.com/showthread.php?t=103728
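
One way to narrow down the symptom described in both posts (the `upnp` set staying empty), added here as an example that is not part of either post or of the article they refer to: read the packet counter on the `SET` rule and the member count of the set. The function names are hypothetical and the sample listings are constructed; the parser assumes the column layout of `iptables -nvxL` without `--line-numbers`.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample text is constructed.

# Read `iptables -nvxL <chain>` output on stdin and classify the SET rule
# that feeds the named ipset: missing | never-hit | hit:<packets>
set_rule_state() {
    awk -v name="$1" '
        # Rule lines begin with the packet counter, then bytes, then target.
        $1 ~ /^[0-9]+$/ && $3 == "SET" {
            for (i = 4; i < NF; i++)
                if ($i == "add-set" && $(i + 1) == name) { found = 1; pkts += $1 }
        }
        END {
            if (!found)         print "missing"
            else if (pkts == 0) print "never-hit"
            else                print "hit:" pkts
        }'
}

# Read `ipset list <name>` output on stdin and print the number of members.
set_member_count() {
    awk '/^Members:/ { m = 1; next } m && NF { n++ } END { print n + 0 }'
}

# Constructed sample: an OUTPUT chain where the appended SET rule shows 0 packets.
SAMPLE_OUTPUT='Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     812   104532 ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
       0        0 SET        udp  --  *      *       0.0.0.0/0            239.255.255.250      udp dpt:1900 add-set upnp src,src exist'

# Constructed sample: the empty set, as seen in the thread.
SAMPLE_SET='Name: upnp
Type: hash:ip,port
Header: family inet hashsize 1024 maxelem 65536 timeout 3
Number of entries: 0
Members:'

printf 'SET rule: %s\n' "$(printf '%s\n' "$SAMPLE_OUTPUT" | set_rule_state upnp)"
printf 'members:  %s\n' "$(printf '%s\n' "$SAMPLE_SET" | set_member_count)"

# Live use (needs root):
#   sudo iptables -nvxL OUTPUT | set_rule_state upnp
#   sudo ipset list upnp | set_member_count
```

A `never-hit` result together with zero members means no outgoing packet has matched the `SET` rule at its position in the chain, so the `INPUT` rule has nothing to match against; `hit:<n>` with zero members points at the set's timeout instead.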
