Here is the rule that i have. it seems to work for me and it slightly different from yours. # cat direct.xml <?xml version="1.0" encoding="utf-8"?> <direct> <rule priority="0" table="filter" ipv="ipv4" chain="INPUT">-m mac --mac-source 00:18:DD:03:B6:8A -j ACCEPT</rule> </direct> of course you got to use your own mac address. sam On 10/03/2014 12:10 PM, Geoffrey Leach wrote: > First, let it be known that I am completely ignorant of the principles of operation of firewallD, and hope to remain so. > > that said, I have a device (known to wok Silicon Dust HD Home Run) that is hard-wired to the ethernet port on another system. Installing Fedora 19 has interfered with this. > > In order to open the firewall to this connection, I have followed the advice of > Michael Hannon (https://lists.fedoraproject.org/pipermail/users/2013-December/444034.html) and have constructed /etc/firewalld/direct.xml as follows: > > <?xml version="1.0" encoding="utf-8"?> > <direct> > <passthrough ipv="ipv4">-t filter -A IN_internal_allow -m mac --mac-source 00:18:DD:01:4A:E7 j ACCEPT</passthrough> > </direct> > > This did not suddenly fix the connection problem :-), but it would be nice to be able to validate this. Using firewall-cmd to reload firewalld resulted in no errors but what do I know? > > So, the intended function of this code is to open the firewall to connections involving the device with MAC address 00:18:DD:01:4A:E7. Is that correct? > > Should I be able to find this somewhere in the firewall-config menus? > > Thanks. > _______________________________________________ > firewalld-users mailing list > firewalld-users(a)lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/firewalld-users _______________________________________________ firewalld-users mailing list firewalld-users(a)lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/firewalld-users

"rules" , but there it is. As entered.

Yes it shows up in the gui. firewall-config -> public zone -> "direct configuration" tab -> "rules" sub tab. I hope that helps. On 10/03/2014 05:16 PM, Geoffrey Leach wrote: > Thanks. I tried your code,but it did not change my status. No reflection on the code, of course! > > Can you say if your code should show up anywhere in the firewall GUI, so that I can convince myself that it's actually been processed? > > > On 10/03/2014 11:56:28 AM, Samuel Irlapati wrote: >> Here is the rule that i have. it seems to work for me and it slightly >> different from yours. >> >> # cat direct.xml >> <?xml version="1.0" encoding="utf-8"?> >> <direct> >> <rule priority="0" table="filter" ipv="ipv4" chain="INPUT">-m mac >> --mac-source 00:18:DD:03:B6:8A -j ACCEPT</rule> >> </direct> >> >> of course you got to use your own mac address. >> sam >> >> >> On 10/03/2014 12:10 PM, Geoffrey Leach wrote: >>> First, let it be known that I am completely ignorant of the >> principles of operation of firewallD, and hope to remain so. >>> that said, I have a device (known to wok Silicon Dust HD Home Run) >> that is hard-wired to the ethernet port on another system. Installing >> Fedora 19 has interfered with this. >>> In order to open the firewall to this connection, I have followed >> the advice of >>> Michael Hannon (https://lists.fedoraproject.org/pipermail/users/2013-December/444034.html) >> and have constructed /etc/firewalld/direct.xml as follows: >>> <?xml version="1.0" encoding="utf-8"?> >>> <direct> >>> <passthrough ipv="ipv4">-t filter -A IN_internal_allow -m mac >> --mac-source 00:18:DD:01:4A:E7 j ACCEPT</passthrough> >>> </direct> >>> >>> This did not suddenly fix the connection problem :-), but it would >> be nice to be able to validate this. Using firewall-cmd to reload >> firewalld resulted in no errors but what do I know? >>> So, the intended function of this code is to open the firewall to >> connections involving the device with MAC address 00:18:DD:01:4A:E7. >> Is that correct? >>> Should I be able to find this somewhere in the firewall-config >> menus? >>> Thanks. >>> _______________________________________________ >>> firewalld-users mailing list >>> firewalld-users(a)lists.fedorahosted.org >>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >> _______________________________________________ >> firewalld-users mailing list >> firewalld-users(a)lists.fedorahosted.org >> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >> > > _______________________________________________ > firewalld-users mailing list > firewalld-users(a)lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/firewalld-users _______________________________________________ firewalld-users mailing list firewalld-users(a)lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/firewalld-users

Yes, Anything from that MAC address should be allowed. Is that working for you? Are you trying the program hdhomerun_config_gui to see if it has connected? On 10/03/2014 06:53 PM, Geoffrey Leach wrote: > Ah! On (Fedora 19) version 0.3.9.3, its View -> "direct configuration" tab -> >> "rules" , but there it is. As entered. > So, is it correct, then (pardon the restatement) that this says to firewalld ignore anything to/from this MAC address? > > And for my education, where did you find out about this coding? > > Many thanks! > > > On 10/03/2014 04:12:06 PM, Sam Irlapati wrote: >> Yes it shows up in the gui. >> >> firewall-config -> public zone -> "direct configuration" tab -> >> "rules" >> sub tab. >> >> I hope that helps. >> >> On 10/03/2014 05:16 PM, Geoffrey Leach wrote: >>> Thanks. I tried your code,but it did not change my status. No >> reflection on the code, of course! >>> Can you say if your code should show up anywhere in the firewall >> GUI, so that I can convince myself that it's actually been processed? >>> >>> On 10/03/2014 11:56:28 AM, Samuel Irlapati wrote: >>>> Here is the rule that i have. it seems to work for me and it >> slightly >>>> different from yours. >>>> >>>> # cat direct.xml >>>> <?xml version="1.0" encoding="utf-8"?> >>>> <direct> >>>> <rule priority="0" table="filter" ipv="ipv4" chain="INPUT">-m >> mac >>>> --mac-source 00:18:DD:03:B6:8A -j ACCEPT</rule> >>>> </direct> >>>> >>>> of course you got to use your own mac address. >>>> sam >>>> >>>> >>>> On 10/03/2014 12:10 PM, Geoffrey Leach wrote: >>>>> First, let it be known that I am completely ignorant of the >>>> principles of operation of firewallD, and hope to remain so. >>>>> that said, I have a device (known to wok Silicon Dust HD Home Run) >>>> that is hard-wired to the ethernet port on another system. >> Installing >>>> Fedora 19 has interfered with this. >>>>> In order to open the firewall to this connection, I have followed >>>> the advice of >>>>> Michael Hannon (https://lists.fedoraproject.org/pipermail/users/2013-December/444034.html) >>>> and have constructed /etc/firewalld/direct.xml as follows: >>>>> <?xml version="1.0" encoding="utf-8"?> >>>>> <direct> >>>>> <passthrough ipv="ipv4">-t filter -A IN_internal_allow -m >> mac >>>> --mac-source 00:18:DD:01:4A:E7 j ACCEPT</passthrough> >>>>> </direct> >>>>> >>>>> This did not suddenly fix the connection problem :-), but it >> would >>>> be nice to be able to validate this. Using firewall-cmd to reload >>>> firewalld resulted in no errors but what do I know? >>>>> So, the intended function of this code is to open the firewall to >>>> connections involving the device with MAC address >> 00:18:DD:01:4A:E7. >>>> Is that correct? >>>>> Should I be able to find this somewhere in the firewall-config >>>> menus? >>>>> Thanks. >>>>> _______________________________________________ >>>>> firewalld-users mailing list >>>>> firewalld-users(a)lists.fedorahosted.org >>>>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >>>> _______________________________________________ >>>> firewalld-users mailing list >>>> firewalld-users(a)lists.fedorahosted.org >>>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >>>> >>> _______________________________________________ >>> firewalld-users mailing list >>> firewalld-users(a)lists.fedorahosted.org >>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >> _______________________________________________ >> firewalld-users mailing list >> firewalld-users(a)lists.fedorahosted.org >> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >> > > _______________________________________________ > firewalld-users mailing list > firewalld-users(a)lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/firewalld-users _______________________________________________ firewalld-users mailing list firewalld-users(a)lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/firewalld-users

I am on fedora 20. I can remove the rule i have and try "hdhomerun_config discover" and it says no devices found". When i add the rule back and run the command, it finds the device. I would check to be sure you have the right mac address. On 10/04/2014 03:17 PM, Geoffrey Leach wrote: > Thanks for the reassurance. > > Alas, hdhomerun_config discover still says "no devices found". Very > trying. > > On 10/04/2014 09:46:34 AM, Sam Irlapati wrote: >> Yes, Anything from that MAC address should be allowed. Is that working >> >> for you? Are you trying the program hdhomerun_config_gui to see if it >> has connected? >> >> On 10/03/2014 06:53 PM, Geoffrey Leach wrote: >>> Ah! On (Fedora 19) version 0.3.9.3, its View -> "direct >> configuration" tab -> >>>> "rules" , but there it is. As entered. >>> So, is it correct, then (pardon the restatement) that this says to >> firewalld ignore anything to/from this MAC address? >>> And for my education, where did you find out about this coding? >>> >>> Many thanks! >>> >>> >>> On 10/03/2014 04:12:06 PM, Sam Irlapati wrote: >>>> Yes it shows up in the gui. >>>> >>>> firewall-config -> public zone -> "direct configuration" tab -> >>>> "rules" >>>> sub tab. >>>> >>>> I hope that helps. >>>> >>>> On 10/03/2014 05:16 PM, Geoffrey Leach wrote: >>>>> Thanks. I tried your code,but it did not change my status. No >>>> reflection on the code, of course! >>>>> Can you say if your code should show up anywhere in the firewall >>>> GUI, so that I can convince myself that it's actually been >> processed? >>>>> On 10/03/2014 11:56:28 AM, Samuel Irlapati wrote: >>>>>> Here is the rule that i have. it seems to work for me and it >>>> slightly >>>>>> different from yours. >>>>>> >>>>>> # cat direct.xml >>>>>> <?xml version="1.0" encoding="utf-8"?> >>>>>> <direct> >>>>>> <rule priority="0" table="filter" ipv="ipv4" >> chain="INPUT">-m >>>> mac >>>>>> --mac-source 00:18:DD:03:B6:8A -j ACCEPT</rule> >>>>>> </direct> >>>>>> >>>>>> of course you got to use your own mac address. >>>>>> sam >>>>>> >>>>>> >>>>>> On 10/03/2014 12:10 PM, Geoffrey Leach wrote: >>>>>>> First, let it be known that I am completely ignorant of the >>>>>> principles of operation of firewallD, and hope to remain so. >>>>>>> that said, I have a device (known to wok Silicon Dust HD Home >> Run) >>>>>> that is hard-wired to the ethernet port on another system. >>>> Installing >>>>>> Fedora 19 has interfered with this. >>>>>>> In order to open the firewall to this connection, I have >> followed >>>>>> the advice of >>>>>>> Michael Hannon >>>>>>> (https://lists.fedoraproject.org/pipermail/users/2013-December/444034.html) >>>>>> and have constructed /etc/firewalld/direct.xml as follows: >>>>>>> <?xml version="1.0" encoding="utf-8"?> >>>>>>> <direct> >>>>>>> <passthrough ipv="ipv4">-t filter -A IN_internal_allow >> -m >>>> mac >>>>>> --mac-source 00:18:DD:01:4A:E7 j ACCEPT</passthrough> >>>>>>> </direct> >>>>>>> >>>>>>> This did not suddenly fix the connection problem :-), but it >>>> would >>>>>> be nice to be able to validate this. Using firewall-cmd to reload >>>>>> firewalld resulted in no errors but what do I know? >>>>>>> So, the intended function of this code is to open the firewall >> to >>>>>> connections involving the device with MAC address >>>> 00:18:DD:01:4A:E7. >>>>>> Is that correct? >>>>>>> Should I be able to find this somewhere in the firewall-config >>>>>> menus? >>>>>>> Thanks. >>>>>>> _______________________________________________ >>>>>>> firewalld-users mailing list >>>>>>> firewalld-users(a)lists.fedorahosted.org >>>>>>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >>>>>> _______________________________________________ >>>>>> firewalld-users mailing list >>>>>> firewalld-users(a)lists.fedorahosted.org >>>>>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >>>>>> >>>>> _______________________________________________ >>>>> firewalld-users mailing list >>>>> firewalld-users(a)lists.fedorahosted.org >>>>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >>>> _______________________________________________ >>>> firewalld-users mailing list >>>> firewalld-users(a)lists.fedorahosted.org >>>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >>>> >>> _______________________________________________ >>> firewalld-users mailing list >>> firewalld-users(a)lists.fedorahosted.org >>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >> _______________________________________________ >> firewalld-users mailing list >> firewalld-users(a)lists.fedorahosted.org >> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >> > > _______________________________________________ > firewalld-users mailing list > firewalld-users(a)lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/firewalld-users

On 10/04/2014 07:33:51 PM, Sam Irlapati wrote: > OK i just noticed that you have Silicondust device attached to another > > system and not directly to the router. I don't think our setup is the > same. My device is hard wired to the router. Then from my fedora 20 > pc, > i use the rule to allow access to the silicondust device. > > To see if what you are doing is even possible, turn off the firewall > completely on the receiving system and see if the silicondust device > is > visible. I have tried to figure out how to turn off firewalld, to no avail. Do you have the secret? :-) I've been running my silicondust box for several years direct connected, with no problems. > On 10/04/2014 09:30 PM, Sam Irlapati wrote: >> I am on fedora 20. I can remove the rule i have and try >> "hdhomerun_config discover" and it says no devices found". When i > add >> the rule back and run the command, it finds the device. I would > check >> to be sure you have the right mac address. >> >> >> On 10/04/2014 03:17 PM, Geoffrey Leach wrote: >>> Thanks for the reassurance. >>> >>> Alas, hdhomerun_config discover still says "no devices found". Very >>> trying. >>> >>> On 10/04/2014 09:46:34 AM, Sam Irlapati wrote: >>>> Yes, Anything from that MAC address should be allowed. Is that > working >>>> for you? Are you trying the program hdhomerun_config_gui to see if > it >>>> has connected? >>>> >>>> On 10/03/2014 06:53 PM, Geoffrey Leach wrote: >>>>> Ah! On (Fedora 19) version 0.3.9.3, its View -> "direct >>>> configuration" tab -> >>>>>> "rules" , but there it is. As entered. >>>>> So, is it correct, then (pardon the restatement) that this says > to >>>> firewalld ignore anything to/from this MAC address? >>>>> And for my education, where did you find out about this coding? >>>>> >>>>> Many thanks! >>>>> >>>>> >>>>> On 10/03/2014 04:12:06 PM, Sam Irlapati wrote: >>>>>> Yes it shows up in the gui. >>>>>> >>>>>> firewall-config -> public zone -> "direct configuration" tab -> >>>>>> "rules" >>>>>> sub tab. >>>>>> >>>>>> I hope that helps. >>>>>> >>>>>> On 10/03/2014 05:16 PM, Geoffrey Leach wrote: >>>>>>> Thanks. I tried your code,but it did not change my status. No >>>>>> reflection on the code, of course! >>>>>>> Can you say if your code should show up anywhere in the > firewall >>>>>> GUI, so that I can convince myself that it's actually been >>>> processed? >>>>>>> On 10/03/2014 11:56:28 AM, Samuel Irlapati wrote: >>>>>>>> Here is the rule that i have. it seems to work for me and it >>>>>> slightly >>>>>>>> different from yours. >>>>>>>> >>>>>>>> # cat direct.xml >>>>>>>> <?xml version="1.0" encoding="utf-8"?> >>>>>>>> <direct> >>>>>>>> <rule priority="0" table="filter" ipv="ipv4" >>>> chain="INPUT">-m >>>>>> mac >>>>>>>> --mac-source 00:18:DD:03:B6:8A -j ACCEPT</rule> >>>>>>>> </direct> >>>>>>>> >>>>>>>> of course you got to use your own mac address. >>>>>>>> sam >>>>>>>> >>>>>>>> >>>>>>>> On 10/03/2014 12:10 PM, Geoffrey Leach wrote: >>>>>>>>> First, let it be known that I am completely ignorant of the >>>>>>>> principles of operation of firewallD, and hope to remain so. >>>>>>>>> that said, I have a device (known to wok Silicon Dust HD Home >>>> Run) >>>>>>>> that is hard-wired to the ethernet port on another system. >>>>>> Installing >>>>>>>> Fedora 19 has interfered with this. >>>>>>>>> In order to open the firewall to this connection, I have >>>> followed >>>>>>>> the advice of >>>>>>>>> Michael Hannon >>>>>>>>> (https://lists.fedoraproject.org/pipermail/users/2013-December/444034.html) >>>>>>>> and have constructed /etc/firewalld/direct.xml as follows: >>>>>>>>> <?xml version="1.0" encoding="utf-8"?> >>>>>>>>> <direct> >>>>>>>>> <passthrough ipv="ipv4">-t filter -A > IN_internal_allow >>>> -m >>>>>> mac >>>>>>>> --mac-source 00:18:DD:01:4A:E7 j ACCEPT</passthrough> >>>>>>>>> </direct> >>>>>>>>> >>>>>>>>> This did not suddenly fix the connection problem :-), but it >>>>>> would >>>>>>>> be nice to be able to validate this. Using firewall-cmd to > reload >>>>>>>> firewalld resulted in no errors but what do I know? >>>>>>>>> So, the intended function of this code is to open the > firewall >>>> to >>>>>>>> connections involving the device with MAC address >>>>>> 00:18:DD:01:4A:E7. >>>>>>>> Is that correct? >>>>>>>>> Should I be able to find this somewhere in the > firewall-config >>>>>>>> menus? >>>>>>>>> Thanks. >>>>>>>>> _______________________________________________ >>>>>>>>> firewalld-users mailing list >>>>>>>>> firewalld-users(a)lists.fedorahosted.org >>>>>>>>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >>>>>>>> _______________________________________________ >>>>>>>> firewalld-users mailing list >>>>>>>> firewalld-users(a)lists.fedorahosted.org >>>>>>>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> firewalld-users mailing list >>>>>>> firewalld-users(a)lists.fedorahosted.org >>>>>>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >>>>>> _______________________________________________ >>>>>> firewalld-users mailing list >>>>>> firewalld-users(a)lists.fedorahosted.org >>>>>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >>>>>> >>>>> _______________________________________________ >>>>> firewalld-users mailing list >>>>> firewalld-users(a)lists.fedorahosted.org >>>>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >>>> _______________________________________________ >>>> firewalld-users mailing list >>>> firewalld-users(a)lists.fedorahosted.org >>>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >>>> >>> _______________________________________________ >>> firewalld-users mailing list >>> firewalld-users(a)lists.fedorahosted.org >>> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users >> >> > _______________________________________________ > firewalld-users mailing list > firewalld-users(a)lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/firewalld-users > _______________________________________________ firewalld-users mailing list firewalld-users(a)lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/firewalld-users

I am on fedora 20. I can remove the rule i have and try "hdhomerun_config discover" and it says no devices found". When i add the rule back and run the command, it finds the device. I would check to be sure you have the right mac address.

On 10/04/2014 03:17 PM, Geoffrey Leach wrote: > Thanks for the reassurance. > > Alas, hdhomerun_config discover still says "no devices found". Very trying. > > On 10/04/2014 09:46:34 AM, Sam Irlapati wrote: >> Yes, Anything from that MAC address should be allowed. Is that working >> >> for you? Are you trying the program hdhomerun_config_gui to see if it >> has connected? >> >> On 10/03/2014 06:53 PM, Geoffrey Leach wrote: >>> Ah! On (Fedora 19) version 0.3.9.3, its View -> "direct >> configuration" tab -> >>>> "rules" , but there it is. As entered. >>> So, is it correct, then (pardon the restatement) that this says to >> firewalld ignore anything to/from this MAC address? >>> And for my education, where did you find out about this coding? >>> >>> Many thanks! >>> >>> >>> On 10/03/2014 04:12:06 PM, Sam Irlapati wrote: >>>> Yes it shows up in the gui. >>>> >>>> firewall-config -> public zone -> "direct configuration" tab -> >>>> "rules" >>>> sub tab. >>>> >>>> I hope that helps. >>>> >>>> On 10/03/2014 05:16 PM, Geoffrey Leach wrote: >>>>> Thanks. I tried your code,but it did not change my status. No >>>> reflection on the code, of course! >>>>> Can you say if your code should show up anywhere in the firewall >>>> GUI, so that I can convince myself that it's actually been >> processed? >>>>> On 10/03/2014 11:56:28 AM, Samuel Irlapati wrote: >>>>>> Here is the rule that i have. it seems to work for me and it >>>> slightly >>>>>> different from yours. >>>>>> >>>>>> # cat direct.xml >>>>>> <?xml version="1.0" encoding="utf-8"?> >>>>>> <direct> >>>>>> <rule priority="0" table="filter" ipv="ipv4" >> chain="INPUT">-m >>>> mac >>>>>> --mac-source 00:18:DD:03:B6:8A -j ACCEPT</rule> >>>>>> </direct> >>>>>> >>>>>> of course you got to use your own mac address. >>>>>> sam >>>>>> >>>>>> >>>>>> On 10/03/2014 12:10 PM, Geoffrey Leach wrote: >>>>>>> First, let it be known that I am completely ignorant of the >>>>>> principles of operation of firewallD, and hope to remain so. >>>>>>> that said, I have a device (known to wok Silicon Dust HD Home >> Run) >>>>>> that is hard-wired to the ethernet port on another system. >>>> Installing >>>>>> Fedora 19 has interfered with this. >>>>>>> In order to open the firewall to this connection, I have >> followed >>>>>> the advice of >>>>>>> Michael Hannon (https://lists.fedoraproject.org/pipermail/users/2013-December/444034.html) >>>>>> and have constructed /etc/firewalld/direct.xml as follows: >>>>>>> <?xml version="1.0" encoding="utf-8"?> >>>>>>> <direct> >>>>>>> <passthrough ipv="ipv4">-t filter -A IN_internal_allow >> -m >>>> mac >>>>>> --mac-source 00:18:DD:01:4A:E7 j ACCEPT</passthrough> >>>>>>> </direct> >>>>>>> >>>>>>> This did not suddenly fix the connection problem :-), but it >>>> would >>>>>> be nice to be able to validate this. Using firewall-cmd to reload >>>>>> firewalld resulted in no errors but what do I know? >>>>>>> So, the intended function of this code is to open the firewall >> to >>>>>> connections involving the device with MAC address >>>> 00:18:DD:01:4A:E7. >>>>>> Is that correct? >>>>>>> Should I be able to find this somewhere in the firewall-config >>>>>> menus? >>>>>>> Thanks.