Ron F. wrote: > Hi PasTim, > > Part of my problem, is that iptables has to be set up to use ipset. I > found this article: > https://www.linuxjournal.com/content/advanced-firewall-configurations-ipset > > In a nutshell, we have to install a module for iptables, so that it can > use sets created by using ipset: > sudo apt install xtables-addons-source > sudo module-assistant auto-install xtables-addons > > OK - great. It still doesn't work. I must be getting closer to properly > locking down the use of SSDP Discovery however. I don't know. Something > else is still missing. I got it working, but quite a lot of effort and googling was needed. I'm not sure this is really the thread for the details of this. I could PM you if you wish. Briefly: - sudo install ipset xtables-addons-source iptables-persistent netfilter-persistent - sudo module-assistant auto-install xtables-addons - create a service for ipset so as to be able to makes the settings persistent - see https://selivan.github.io/2018/07/27/ipset-save-with-ufw-and-iptables-persistent-and.html , and enable the service - add firewall rules (I use gufw) for ports 49152:49158 tcp for my network (nnn.nnn.nnn.0/24) (a range - I need several for my different upnp services) - these are needed to play music (not to detect players) - sudo ipset create upnp hash:ip,port timeout 3 - sudo ipset save > /etc/iptables/ipset (but I had to list the rule and edit it manually)
Then, on my ubuntu 18.04 system (but others may be different) - sudo iptables -I OUTPUT 4 -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j SET --add-set upnp src,src --exist - sudo iptables -I INPUT 4 -p udp -m set --match-set upnp dst,dst -j ACCEPT I used rule 4, this is between ufw rules on OUTPUT and INPUT that seemed appropriate (using sudo iptables -L OUTPUT and so on). Using -A did not work for me. Once all working save iptables to be persistent over reboots: - sudo netfilter-persistent save I thinks that's it, but I may have missed something. Whether the firewall still works properly for everything else I still need to double-check. LMS 7.9.2 on PC, Xubuntu 18.04, FLACs 16->24 bit, 44.1->192kbps. 2 Touchs & EDO. LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (A308CR amp & ESLs) & Marantz CR603 UPnP renderers. Also Minimserver & Upplay to same & to upmpdcli/mpd PC renderers. Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones. Wireless Xubuntu 18.04 laptop firefox/upplay or Android 'phone with Squeeze-Commander/BubbleUPnP controls LMS/Minimserver. ------------------------------------------------------------------------ PasTim's Profile: http://forums.slimdevices.com/member.php?userid=41642 View this thread: http://forums.slimdevices.com/showthread.php?t=103728 _______________________________________________ plugins mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/plugins
