Allowing SSDP with FirewallD... Is it possible?
by Giovanni Santini
Good morning,
I was trying to switch in the last period from UFW to FirewallD, as it
is more well integrated in my GNOME setup and also seems much more
powerful than UFW.
The real problem for me is that I heavily use UPNP/SSDP to do port
mapping, so having a firewall that doesn't allow me to do that is a
problem for me.
I tried two different approaches: the first was to create some port
rules in the GTK application (firewall-config) and the second approach
was to create a service profile for SSDP.
None of these worked.
I digged in the generated iptables rules and this is the major result:
* UFW rule:
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:ssdp
ACCEPT udp -- anywhere anywhere udp spt:ssdp
* firewalld rule:
ACCEPT udp -- anywhere anywhere udp dpt:ssdp ctstate NEW
The relevant rule of UFW that makes everything works (manually added by
myself) is the second one.
The major difference I can spot is that the port is the source one and
not the destination one.
In firewall-config I found no option to set the source port. Is it
missing just in the frontend or completely? Is there any way I can
tackle this?
Thank you in advance.
--
Giovanni Santini
My blog: http://giovannisantini.tk
My code: https://github.com/ItachiSan
My code, again: https://gitlab.com/u/ItachiSan
My Twitter: https://twitter.com/santini__gio
My Facebook: https://www.facebook.com/giovanni.santini
My Google+: https://plus.google.com/+GiovanniSantini/
My GPG: 2FADEBF5
7 years, 9 months
Having a sticky DNS issue
by James Dehnert
Greetings All,
I am having a sticky DNS issue with my home system. I have a CentOS 7 box that does split domain DNS for inside and outside off my home network. My gateway is a ( crappy ) ATT ADSL modem, but all of the other port forwarding seems to be working just fine.
I am using the same slave DNS hosts that I have always used, but they can no longer connect to my DNS port.
I have my firewall set to use internal as my default zone. DNS is configured on the internal, external, public, and home zones, but still no luck.
I have a few questions.
1. Can I create a new zone, add the IP addresses of all off my DNS slave servers to it, and allow DNS through that way?
2. If I have just one network assigned to my default zone, say 192.168.10.0/24 does that mean all other networks are coming through the external zone?
3. Can I create a default zone for all traffic that is not otherwise specified? Like a default route. I can see adding 0.0.0.0/0 to the external zone, but there is no documentation that indicates that this will work.
4. Are there any good web sites that has more that the basic how-to use firewalld info? All I can find a basic tutorials!
I’ll stop there as I have probably overloaded this email anyway.
Thanks,
James "Zeke" Dehnert
--
mailto:jdehnert@gmail.com James "Zeke" Dehnert
-= Eschew Obfuscation =-
"Life is racing. Everything else is just waiting"
7 years, 9 months