* On 2022 09 Feb 02:58 -0600, Tuomo Soini wrote:

Thanks, Tuomo.

> Add following rule into NEW section and it should work for you.
>
> SSDPserver(ACCEPT) $FW net:192.168.0.0/24,239.255.255.250

I see now why this works as I didn't understand the need to put $FW in
the Source field and the net in the Destination field. It now makes
sense with the addition of the multicast address to the Destination
field.

The iptables rules are now sensible:

ACCEPT udp -- 192.168.0.0/24 anywhere udp spt:1900 /* SSDPserver */
ACCEPT udp -- 239.255.255.250 anywhere udp spt:1900 /* SSDPserver */

> Reason why this rule didn't work is this was NEW packet, not untracked.
> So alternative way would be to add this rule back but at this time to
> NEW section.
>
> > ACCEPT net:192.168.0.0/24 $FW udp - 1900
>
> If you send packet to multicast address but you get response from
> unicast address, that is a new connection.

Thank you! I appreciate your explanation. Once again I have learned
something new. :)

The log is quiet now and whether Chromium can make use of these
responses is another matter that is off topic here.

- Nate

--
"The optimist proclaims that we live in the best of all
possible worlds. The pessimist fears this is true."
Web: https://www.n0nb.us
Projects: https://github.com/N0NB
GPG fingerprint: 82D6 4F6B 0E67 CD41 F689 BBA6 FB2C 5130 D55A 8819
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
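
Added example, not part of the original message and not Shorewall or netfilter code: a simplified Python model of connection tracking showing why a unicast reply to a multicast SSDP search is classified NEW and needs its own NEW-section rule. The host addresses, the ephemeral port 50000 and the default DROP policy are assumptions.

```python
# Simplified model of connection tracking; not netfilter code.
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Conntrack:
    """Tracks UDP flows by the reply tuple each outbound packet implies."""
    def __init__(self):
        self.expected_replies = set()

    def outbound(self, pkt):
        # The expected reply is the original tuple with both ends swapped.
        self.expected_replies.add(Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def state(self, pkt):
        return "ESTABLISHED" if pkt in self.expected_replies else "NEW"

def verdict(ct, pkt, new_rules):
    """Accept ESTABLISHED packets; otherwise try NEW rules (assumed default: DROP)."""
    if ct.state(pkt) == "ESTABLISHED":
        return "ACCEPT"
    for net, sport in new_rules:  # each rule: (source network, UDP source port)
        if ip_address(pkt.src) in ip_network(net) and pkt.sport == sport:
            return "ACCEPT"
    return "DROP"

# Constructed sample traffic; host addresses and port 50000 are assumptions.
FW = "192.168.0.10"
search = Packet(FW, 50000, "239.255.255.250", 1900)  # search sent to the multicast group
reply = Packet("192.168.0.20", 1900, FW, 50000)      # device answers from its unicast address

def demo():
    ct = Conntrack()
    ct.outbound(search)
    # Expected reply source is 239.255.255.250, so the unicast reply matches nothing.
    return (ct.state(reply),
            verdict(ct, reply, []),
            verdict(ct, reply, [("192.168.0.0/24", 1900)]))

if __name__ == "__main__":
    print(demo())
```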