On Tue, 8 Feb 2022 18:13:44 -0600 Nate Bargmann <n...@n0nb.us> wrote:
> I am running Debian 11 with Shorewall Version: 5.2.3.4-1 on this
> desktop. Along with other devices I have several Roku devices that
> were added last year. In checking the logs I find a lot of entries
> where packets from these devices are dropped at this host's firewall.
> I guess it finally annoyed me enough that I started checking things
> and found that the Chromium Web browser is sending queries for SSDP
> and the Rokus are responding. I thought I just needed to add a rule
> (my needs are simple so all my rules are under ?SECTION NEW) and I
> found that adding a rule there did not open the firewall to the
> responses.

That is quite obvious if you check with the commands

shorewall show macro SSDP
shorewall show macro SSDPserver

Macro SSDP is really useless because it doesn't allow SSDP responses.
That's why the SSDPserver macro was added.

> Feb 08 13:36:09 host kernel: net-fw DROP IN=enp2s0 OUT= MAC=
> SRC=192.168.0.63 DST=192.168.0.3 LEN=308 TOS=0x00 PREC=0x00 TTL=64
> ID=23664 DF PROTO=UDP SPT=1900 DPT=51822 LEN=288

So this shows that a packet from source port 1900 on your LAN was not allowed.

> As I understand it, the queries are sent on the LAN to the broadcast
> address of 239.255.255.250 and port 1900, but the responses are sent
> to 192.168.0.3 and all replies are to a high port that changes every
> two minutes as Chromium sends its requests which is the source of the
> queries. This caused me to place the rules under ?SECTION UNTRACKED.

239.255.255.250 is multicast.

Add the following rule into the NEW section and it should work for you.

SSDPserver(ACCEPT) $FW net:192.168.0.0/24,239.255.255.250

The reason this rule didn't work is that this was a NEW packet, not untracked.
So the alternative way would be to add this rule back, but this time to the NEW section.

> ACCEPT net:192.168.0.0/24 $FW udp - 1900

If you send a packet to a multicast address but you get the response from a unicast address, that is a new connection.
-- Tuomo Soini <t...@foobar.fi> Foobar Linux services +358 40 5240030 Foobar Oy <https://foobar.fi/>
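A small model of the point made in the reply above, added here as an example and not part of the thread: conntrack can only pair a reply with the original query if it exactly reverses the query's 5-tuple, so a unicast answer to a multicast SSDP query is classified NEW, and only a rule that also admits UDP source-port-1900 replies (what the thread says SSDPserver adds over SSDP) lets it through. The log line is copied from the thread; the original query tuple, the firewall address and the simplified macro semantics are assumptions.

```python
"""Why an SSDP reply is NEW to conntrack, and which macro admits it (added example)."""
import ipaddress
import re

# Dropped packet, fields copied from the kernel log line quoted in the thread.
LOG = ("net-fw DROP IN=enp2s0 OUT= MAC= SRC=192.168.0.63 DST=192.168.0.3 LEN=308 "
       "TOS=0x00 PREC=0x00 TTL=64 ID=23664 DF PROTO=UDP SPT=1900 DPT=51822 LEN=288")

# Assumed original query from Chromium on the firewall host: 192.168.0.3:51822 -> 239.255.255.250:1900
QUERY = ("udp", "192.168.0.3", 51822, "239.255.255.250", 1900)
FW = "192.168.0.3"                                   # $FW in the thread's rule (assumed)
DESTS = ["192.168.0.0/24", "239.255.255.250"]        # DEST column of the thread's rule


def parse_netfilter_log(line):
    """Extract (proto, src, sport, dst, dport) from a netfilter LOG line."""
    f = dict(re.findall(r"(\w+)=(\S+)", line))
    return (f["PROTO"].lower(), f["SRC"], int(f["SPT"]), f["DST"], int(f["DPT"]))


def conntrack_state(original, packet):
    """Simplified conntrack: a packet belongs to the flow only if it repeats the
    original tuple or exactly reverses it. Anything else starts a NEW flow."""
    proto, src, sport, dst, dport = original
    expected_reply = (proto, dst, dport, src, sport)
    return "ESTABLISHED" if packet in (original, expected_reply) else "NEW"


def _in_any(ip, nets):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n, strict=False) for n in nets)


def macro_allows(macro, packet, fw, dests):
    """Simplified semantics (assumption) of `<macro>(ACCEPT) $FW net:<dests>` in ?SECTION NEW.
    SSDP:       only $FW -> dests, udp, destination port 1900 (queries).
    SSDPserver: the same, plus dests -> $FW, udp, source port 1900 (unicast replies)."""
    proto, src, sport, dst, dport = packet
    query = proto == "udp" and src == fw and _in_any(dst, dests) and dport == 1900
    if macro == "SSDP":
        return query
    if macro == "SSDPserver":
        reply = proto == "udp" and _in_any(src, dests) and dst == fw and sport == 1900
        return query or reply
    raise ValueError(f"unknown macro {macro}")


if __name__ == "__main__":
    reply = parse_netfilter_log(LOG)
    print("conntrack state of the Roku reply:", conntrack_state(QUERY, reply))   # NEW
    for m in ("SSDP", "SSDPserver"):
        print(f"{m:10s} accepts the reply:", macro_allows(m, reply, FW, DESTS))
```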
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users