PasTim wrote:
> Hi Ron F. I created a script using ufw commands to get my firewall back
> to what I normally use, allowing various ports and source IPs for
> non-LMS activities. I then reset my ufw and iptables firewalls
> completely and started again, ran my script and saved all the settings.
> I have, for now, completely disabled IPv6 since I don't understand it
> properly (I have previously seen IPv6 exchanges on my home network and
> had no idea what they were about). I then ran the ipset command, one
> iptables OUTPUT and 4 iptables INPUT commands (one each for my 4 main
> UPnP devices using -s to specify the IPs). This all works reasonably
> predictably now, and I saved these additional settings.
>
> Using iptables -S I have noticed that port 1900 is already open to all
> sending to the broadcast port, and this rule is before the INPUT
> --match-set rules we added. I clearly don't understand the rules well
> enough, since I thought the first matching rule ended the filtering, but
> that doesn't seem to be the case.
>
> Code:
> --------------------
> -A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
> --------------------
>
> My brain hurt for a while trying to understand your technique for
> limiting the broadcasts, but I understand it now, and I don't think I
> really need to do this. Nor do I need to worry about browsers, since
> for the most part my music server runs headless.
>
> Having got UPnP sorted, I looked at using my experimental airplay and
> chromecast players. They seem to be even less predictable in port
> usage than UPnP, but I only implemented them to see whether they were
> any better for my purpose. Neither currently now works having removed
> all my generic ALLOW 30000:60000 rules. I will keep looking, out of
> interest, but I won't try too hard!
>
> Philippe - As to documenting this for others I'm really not sure I
> know enough to be precise enough to provide reliable solutions to
> people who know as little or even less than I do. I'd be quite
> interested to know what others have done on linux to get their systems
> working. Do they use any firewall at all?

Hi PasTim,

I think your use of an individual INPUT rule for each UPnP renderer using the "-s" option makes perfect sense. I am going to experiment using that too.

I believe the chain, ufw-before-input, contains rules that are applied first, before the rules created by using the ufw app are applied.

I don't have any Airplay or Chromecast players currently, but I will try to look at what might be involved with Chromecast.

*Living Room:* SB Touch + DIY PSU > CI Audio VDA.2 DAC + VAC.1 PSU > VRX.1 cables > Emotiva XSP-1 Gen 2 preamp + XPA-DR2 amp > Blue Jeans cables > B&W 804 speakers
*Laptop:* System76 Galago + Ubuntu 16.04 + Squeezelite + Material Skin > ifi USB iSilencer > Audirect Beam DAC > Senn IE 80 earbuds
*Bedroom:* Android Phone + SB Player + Squeeze Ctrl > Bluetooth > Bose SoundLink Revolve
*Server:* Puget Systems Serenity + Ubuntu 18.04 + LMS 7.9.2
*Music:* Personal FLAC, Radio Paradise FLAC, Qobuz, Spotify

------------------------------------------------------------------------
Ron F.'s Profile: http://forums.slimdevices.com/member.php?userid=5616
View this thread: http://forums.slimdevices.com/showthread.php?t=103728
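
Added example, not part of the original posts: a small first-match simulator over `iptables -S` style text, showing which rule decides a packet when the quoted `ufw-before-input` rule sits ahead of per-renderer `-s` rules. Only the `ufw-before-input` line comes from the thread; the `INPUT` rules, the `DROP` policy and the address 192.168.1.50 are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed ruleset in `iptables -S` form. Only the ufw-before-input line is
# from the thread; the INPUT rules, policy and renderer IP are assumptions.
RULESET = """
-P INPUT DROP
-N ufw-before-input
-A INPUT -j ufw-before-input
-A INPUT -s 192.168.1.50/32 -p udp -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
"""

def parse(text):
    """Return (policies, chains); each chain is an ordered list of rule dicts."""
    policies, chains = {}, {}
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        if tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif tok[0] == "-A":
            opts = dict(zip(tok[2::2], tok[3::2]))  # every flag used here takes one value
            opts["raw"] = line
            chains.setdefault(tok[1], []).append(opts)
    return policies, chains

def matches(rule, pkt):
    """True when every condition present in the rule holds for the packet."""
    if "-p" in rule and rule["-p"] != pkt["proto"]:
        return False
    for flag, key in (("-s", "src"), ("-d", "dst")):
        if flag in rule and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(rule[flag]):
            return False
    return "--dport" not in rule or int(rule["--dport"]) == pkt["dport"]

def walk(chains, chain, pkt):
    """First-match walk; returns (verdict, rule text) or None on fall-through."""
    for rule in chains.get(chain, []):
        if not matches(rule, pkt):
            continue
        target = rule["-j"]
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target, rule["raw"]      # terminating target ends filtering
        hit = walk(chains, target, pkt)     # jump into a user-defined chain
        if hit:
            return hit
    return None                             # no verdict: caller moves to next rule

def verdict(pkt, text=RULESET):
    policies, chains = parse(text)
    return walk(chains, "INPUT", pkt) or (policies["INPUT"], "policy")
```

Calling `verdict()` with a packet dict (`src`, `dst`, `proto`, `dport`) returns the verdict and the rule that produced it, so multicast SSDP traffic to 239.255.255.250:1900 and unicast traffic from a renderer can be compared side by side.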
