net: fix broken firewall/ipset setup
This commit is contained in:
parent
0028c41bdc
commit
103d11a87c
|
@ -1,4 +1,4 @@
|
|||
{ lib, ... }:
|
||||
{ lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
# the default backend is "wpa_supplicant".
|
||||
|
@ -39,14 +39,16 @@
|
|||
1900 # to received UPnP advertisements. required by sane-ip-check-upnp
|
||||
];
|
||||
|
||||
networking.firewall.extraCommands = ''
|
||||
networking.firewall.extraCommands = with pkgs; ''
|
||||
# after an outgoing SSDP query to the multicast address, open FW for incoming responses.
|
||||
# necessary for anything DLNA, especially go2tv
|
||||
# source: <https://serverfault.com/a/911286>
|
||||
# context: <https://github.com/alexballas/go2tv/issues/72>
|
||||
ipset create upnp hash:ip,port timeout 10
|
||||
iptables -A OUTPUT -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j SET --add-set upnp src,src --exist
|
||||
iptables -A INPUT -p udp -m set --match-set upnp dst,dst -j ACCEPT
|
||||
|
||||
# ipset -! means "don't fail if set already exists"
|
||||
${ipset}/bin/ipset create -! upnp hash:ip,port timeout 10
|
||||
${iptables}/bin/iptables -A OUTPUT -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j SET --add-set upnp src,src --exist
|
||||
${iptables}/bin/iptables -A INPUT -p udp -m set --match-set upnp dst,dst -j ACCEPT
|
||||
'';
|
||||
|
||||
# keyfile.path = where networkmanager should look for connection credentials
|
||||
|
|
Loading…
Reference in New Issue
Block a user