Re: firewalld equivalent of iptabled --sport?
the question was *sport* not dport

sport == source port (remote client)
dport == target port (your machine running iptables)

On 19.09.2013 at 16:46, Shelby, James wrote:
> I believe the syntax is: firewall-cmd --permanent --add-port 5002/udp
>
>
> From: users-boun...@lists.fedoraproject.org
> [users-boun...@lists.fedoraproject.org] On Behalf Of Richard Shaw
> [hobbes1...@gmail.com]
> Sent: Thursday, September 19, 2013 7:40 AM
> To: Community support for Fedora users
> Subject: firewalld equivalent of iptabled --sport?
>
> I have a HDHomeRun (network based TV tuner) on my home network. In order to
> get it to work I had to add the following to my iptables config:
>
> -A INPUT -m state --state NEW -m udp -p udp --sport 5002 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --sport 5004 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --sport 65001 -j ACCEPT
>
> Which from my limited knowledge of how iptables work, is the opposite of what
> you usually do for most services (--dport) because in this case the
> return port is random.
>
> I have not been able to find any setting in firewall-config or in the
> documentation that mentions source ports, only destination ports.
>
> If this is not possible it would appear to be a fairly large flaw in
> firewalld in general

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
Re: firewalld equivalent of iptabled --sport?
On Thu, Sep 19, 2013 at 8:40 AM, Richard Shaw wrote:

> I have a HDHomeRun (network based TV tuner) on my home network. In order
> to get it to work I had to add the following to my iptables config:
>
> -A INPUT -m state --state NEW -m udp -p udp --sport 5002 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --sport 5004 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --sport 65001 -j ACCEPT
>

The short answer is no, not right now.

https://lists.fedorahosted.org/pipermail/firewalld-devel/2013-September/82.html

Richard
Re: firewalld equivalent of iptabled --sport?
On Thu, Sep 19, 2013 at 9:46 AM, Shelby, James wrote:

> I believe the syntax is: firewall-cmd --permanent --add-port 5002/udp

From what I can tell that's the equivalent of --dport, not --sport... Otherwise it would work from firewall-config.

Thanks,
Richard
RE: firewalld equivalent of iptabled --sport?
I believe the syntax is: firewall-cmd --permanent --add-port 5002/udp

From: users-boun...@lists.fedoraproject.org [users-boun...@lists.fedoraproject.org] On Behalf Of Richard Shaw [hobbes1...@gmail.com]
Sent: Thursday, September 19, 2013 7:40 AM
To: Community support for Fedora users
Subject: firewalld equivalent of iptabled --sport?

I have a HDHomeRun (network based TV tuner) on my home network. In order to get it to work I had to add the following to my iptables config:

-A INPUT -m state --state NEW -m udp -p udp --sport 5002 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --sport 5004 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --sport 65001 -j ACCEPT

Which from my limited knowledge of how iptables work, is the opposite of what you usually do for most services (--dport) because in this case the return port is random.

I have not been able to find any setting in firewall-config or in the documentation that mentions source ports, only destination ports.

If this is not possible it would appear to be a fairly large flaw in firewalld in general.

Thanks,
Richard
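
The --sport / --dport distinction argued over in this thread, as an added example that is not part of any poster's message: a small Python model of iptables-style UDP matching, run against the three --sport rules from the original post and against a --dport 5002 rule (what the thread says --add-port 5002/udp amounts to). The tuner address 192.168.1.50, the second host and the packet ports are constructed for illustration, and the `--state NEW` match is left out of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence


@dataclass(frozen=True)
class Packet:
    """Inbound UDP datagram as the INPUT chain sees it."""
    src: str    # sender address
    sport: int  # port on the remote sender
    dport: int  # port on this machine


@dataclass(frozen=True)
class Rule:
    """ACCEPT rule with a subset of iptables matches: -s, --sport, --dport."""
    sport: Optional[int] = None
    dport: Optional[int] = None
    source: Optional[str] = None  # CIDR, as given to -s

    def matches(self, p: Packet) -> bool:
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.source is not None and ip_address(p.src) not in ip_network(self.source):
            return False
        return True


def accepted(rules: Sequence[Rule], packet: Packet) -> bool:
    """True if any ACCEPT rule matches; otherwise the default policy drops it."""
    return any(rule.matches(packet) for rule in rules)


TUNER_PORTS = (5002, 5004, 65001)                   # ports from the original post
SPORT_RULES = [Rule(sport=p) for p in TUNER_PORTS]  # -p udp --sport N -j ACCEPT
DPORT_RULES = [Rule(dport=5002)]                    # -p udp --dport 5002 -j ACCEPT
# Assumption: the tuner sits at 192.168.1.50; equivalent to adding -s to each rule.
SCOPED_RULES = [Rule(sport=p, source="192.168.1.50/32") for p in TUNER_PORTS]

# Constructed packets: the tuner streaming to a random local port, and a
# different LAN host whose datagram merely has source port 5002.
tuner_stream = Packet(src="192.168.1.50", sport=5004, dport=43817)
other_host = Packet(src="192.168.1.77", sport=5002, dport=8080)

if __name__ == "__main__":
    for name, rules in (("sport", SPORT_RULES), ("dport", DPORT_RULES), ("sport+src", SCOPED_RULES)):
        print(name, accepted(rules, tuner_stream), accepted(rules, other_host))
```

The --sport rules admit the tuner's stream where the --dport rule does not, but they also match any sender whose datagram has one of those source ports; pairing each rule with the tuner's address narrows the match to that device.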