Local firewall rule based on source port

I’m just trying to eliminate a useless bunch of warnings posted to my firewall log to make it easier to review.

I’m running Plex on the server, which insists on spraying out SSDP requests (no matter how much the community asks for a way to stop this). This results in a bunch of replies back, to random port numbers, but with a fixed source port, 1900, that the firewall tells to “go take a hike”

I tried creating a Local Rule, but that uses the port as the destination, not the source.

I also need this to allow my HDHomerun devices to talk to the DVR service also running on the server,

So, is there a way to create a rule based on (for safety a CIDR for my local network and) a source port.

EDIT: I guess I could write my own rule as a custom e-smith template.


Can somebody help?

Sorry I can’t help, perhaps @giacomo can?

I think you really need a template custom inside /etc/shorewall/rules. :frowning:

Take a look at the upstream doc for the syntax: https://shorewall.org/manpages/shorewall-rules.html

1 Like

That’s exactly what I did:

[root@Nethserver ~]# cat /etc/e-smith/templates-custom/etc/shorewall/rules/80myservices

ACCEPT  loc     $FW     udp     -    1900

ACCEPT  loc     $FW     udp     -    65001

[root@Nethserver ~]#



Could you mark the topic as solved please, or do you have any questions about it?