I've set my wife up with Fedora 18 and have had to disable firewalld in
order to allow her to watch stuff on our media server. I'd like to
configure things correctly though. It looks like we query the SSDP port
on the media server over UDP and that reply is blocked.
This seems odd since the client sends an SSDP query to the server first.
I would have expected the RELATED,ESTABLISHED to match.
What's the right way to allow this to connect?

We are looking at firewalld just now for deployment in our environment.
One situation we have is that the Ethernet wired interface is set to
simply DHCP. This is used by users on our network and on public networks.
Obviously we'd like to allow more ports open on our network than on a
public network. Our network would be zone "internal" and if not our
network would be zone "public", I'd guess.
The option of setting up two different wired setups won't work as users
cannot be relied on to switch to a public setting when off internal
Is there any way we can get firewalld to detect which type of network
it's on? This is probably analogous, I guess, to the way the Windows
firewall has a "Domain networks" zone (which they auto detect). Or a way
we can give firewalld a helper script that can tell it which network
it's on. Or something else we haven't thought of...
At the moment we tackle this by using a custom NM dispatcher script
that detects our internal network (by doing an operation against
internal KDCs) and loading the correct firewall into iptables based on
this testing. So maybe this is the way, if firewalld is happy to allow
us, can we or should we force a zone from a dispatcher.d NM script to
switch to the correct zone?
A similar issue is we have a commercial VPN solution that doesn't work
through Network Manager. Can we force a change to the zone (it can be
made to execute a script on connection) when the VPN comes up (the VPN
changes routing so all traffic goes via the VPN interface)?
How do others tackle this?
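
The dispatcher-script approach described in the message above, as an added example that is not part of the original post: a NetworkManager dispatcher script that binds the interface to the "internal" zone only after an authenticated probe succeeds, and to "public" in every other case. Assumptions: the machine has a Kerberos host keytab and MIT `kinit`; the `PROBE` and `FIREWALL_CMD` override variables and the function names are hypothetical.

```shell
#!/bin/sh
# NetworkManager dispatcher script: $1 = interface, $2 = action.
# Constructed example; zone names follow the message above.

INTERNAL_ZONE="internal"
FALLBACK_ZONE="public"

# Authenticated probe: getting a TGT with the host keytab only succeeds
# against a KDC that knows the host key, so a network that merely answers
# DNS or ping for the KDC name cannot pass it.
probe_internal() {
    cache=$(mktemp /tmp/zoneprobe.XXXXXX) || return 1
    timeout 5 kinit -k -c "FILE:$cache" >/dev/null 2>&1
    rc=$?
    kdestroy -c "FILE:$cache" >/dev/null 2>&1
    rm -f "$cache"
    return "$rc"
}

# Fail closed: anything other than a successful probe (timeout, missing
# keytab, missing binary) yields the restrictive zone.
pick_zone() {
    if "${PROBE:-probe_internal}"; then
        echo "$INTERNAL_ZONE"
    else
        echo "$FALLBACK_ZONE"
    fi
}

# Runtime-only binding, re-evaluated on every "up" event so a laptop that
# moves networks never keeps the permissive zone by default.
apply_zone() {
    iface=$1
    zone=$(pick_zone)
    "${FIREWALL_CMD:-firewall-cmd}" --zone="$zone" --change-interface="$iface"
}

case "${2:-}" in
    up) apply_zone "$1" ;;
esac
```

A VPN client that runs its own connect script outside NetworkManager could invoke the same script with the VPN interface name and `up` as arguments.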