Local firewall rule based on source port

I’m just trying to eliminate a useless bunch of warnings posted to my firewall log to make it easier to review.

I’m running Plex on the server, which insists on spraying out SSDP requests (no matter how much the community asks for a way to stop this). This results in a bunch of replies back, to random port numbers, but with a fixed source port, 1900, that the firewall tells to “go take a hike”.

I tried creating a Local Rule, but that uses the port as the destination, not the source.

I also need this to allow my HDHomerun devices to talk to the DVR service also running on the server.

So, is there a way to create a rule based on (for safety a CIDR for my local network and) a source port?

EDIT: I guess I could write my own rule as a custom e-smith template.

Cheers.

@support_team
Can somebody help?

Sorry I can’t help, perhaps @giacomo can?

I think you really need a custom template inside /etc/shorewall/rules. :frowning:

Take a look at the upstream doc for the syntax: https://shorewall.org/manpages/shorewall-rules.html

1 Like

That’s exactly what I did:

```
[root@Nethserver ~]# cat /etc/e-smith/templates-custom/etc/shorewall/rules/80myservices

?COMMENT plex SSDP
ACCEPT  loc     $FW     udp     -    1900

?COMMENT HDHomerun
ACCEPT  loc     $FW     udp     -    65001

[root@Nethserver ~]#
```

Cheers.

2 Likes
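The original question also asked for a CIDR restriction, which the rules posted above do not include. A tightened variant of the same custom template follows as an added example that is not from the thread: `192.168.1.0/24` is a placeholder subnet, and the `32768:60999` destination range is an assumption that the server uses the Linux default ephemeral port range (check with `sysctl net.ipv4.ip_local_port_range`).

```conf
# /etc/e-smith/templates-custom/etc/shorewall/rules/80myservices
#
# Shorewall rules columns:
#   ACTION  SOURCE  DEST  PROTO  DPORT  SPORT
#
# A rule that matches on SPORT alone with DPORT "-" accepts UDP to every
# port on the firewall host, because the source port is chosen by the
# sender. Two extra constraints narrow that:
#   1. SOURCE limited to the LAN subnet (placeholder: 192.168.1.0/24)
#   2. DPORT limited to the ephemeral range that replies land on
#      (assumed Linux default 32768:60999; use "-" here to keep the
#      behaviour of the rules posted in the thread)

?COMMENT plex SSDP replies
ACCEPT  loc:192.168.1.0/24  $FW  udp  32768:60999  1900

?COMMENT HDHomerun replies
ACCEPT  loc:192.168.1.0/24  $FW  udp  32768:60999  65001

# An empty ?COMMENT stops the label from being applied to later rules
?COMMENT
```

After editing, `expand-template /etc/shorewall/rules` regenerates the file and `shorewall check` validates it before the firewall is reloaded.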

Could you mark the topic as solved please, or do you have any questions about it?