From f9361af41c441e6becd4bb9b16c7d33c49f48017 Mon Sep 17 00:00:00 2001
From: Colin
Date: Sat, 30 Dec 2023 06:16:17 +0000
Subject: [PATCH] go2tv: remove firewall fix and allow SSDP at the iptables layer
---
 hosts/common/net.nix | 10 ++++++++++
 hosts/common/programs/go2tv.nix | 18 ------------------
 2 files changed, 10 insertions(+), 18 deletions(-)
diff --git a/hosts/common/net.nix b/hosts/common/net.nix
index 659fa117..f07ae84a 100644
--- a/hosts/common/net.nix
+++ b/hosts/common/net.nix
@@ -39,6 +39,16 @@
 1900 # to received UPnP advertisements. required by sane-ip-check-upnp
 ];
+ networking.firewall.extraCommands = ''
+ # after an outgoing SSDP query to the multicast address, open FW for incoming responses.
+ # necessary for anything DLNA, especially go2tv
+ # source:
+ # context:
+ ipset create upnp hash:ip,port timeout 10
+ iptables -A OUTPUT -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j SET --add-set upnp src,src --exist
+ iptables -A INPUT -p udp -m set --match-set upnp dst,dst -j ACCEPT
+ '';
+
 # keyfile.path = where networkmanager should look for connection credentials
 networking.networkmanager.extraConfig = ''
 [keyfile]
diff --git a/hosts/common/programs/go2tv.nix b/hosts/common/programs/go2tv.nix
index 084663ec..93894fe4 100644
--- a/hosts/common/programs/go2tv.nix
+++ b/hosts/common/programs/go2tv.nix
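Review bot: The new `extraCommands` block in net.nix is not idempotent: the NixOS firewall start script re-runs it on every restart or `nixos-rebuild switch`, and while it flushes its own `nixos-fw` chains it does not remove rules appended straight to `INPUT`/`OUTPUT` or destroy ipsets, so the second run hits `ipset create upnp` on an already-existing set and the two `-A` rules are appended again. Use `ipset -exist create upnp hash:ip,port timeout 10` so the create is tolerant, and add a matching `networking.firewall.extraStopCommands` that runs `iptables -D` for both rules and `ipset destroy upnp` (errors ignored), or guard each append with `iptables -C … || iptables -A …`. The `ipset` binary must also be on the firewall script's path — `networking.firewall.extraPackages = [ pkgs.ipset ];` — unless that is already set elsewhere in the config, which this hunk does not show. Worth documenting in the comment that the `INPUT` rule matches on our own destination ip,port only, so during the 10 s window any host, not just the queried multicast group, can reach that socket; that is inherent to the SSDP reply pattern but should be stated, and the empty `# source:` / `# context:` lines should either carry their references or be dropped. The `ip6tables` side is not covered, so IPv6 SSDP replies stay blocked; fine if intended, but note it.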
@@ -28,24 +28,6 @@ let
 cfg = config.sane.programs.go2tv;
 in {
- sane.programs.go2tv = {
- package = pkgs.go2tv.overrideAttrs (orig: {
- # SSDP doesn't do well with default firewall rules.
- # - go2tv sends a UDP M-Search from localhost port P to the broadcast address.
- # - UPNP sinks respond to localhost port P.
- # - firewall can't track that "connection", because the address which contacts us isn't the same as the address we queried.
- #
- # to workaround this, force go2tv to query from a fixed *source* port.
- # then the responses will likewise be to a fixed *dest* port, and we can open that port
- postPatch = (orig.postPatch or "") + ''
- substituteInPlace devices/devices.go \
- --replace 'ssdp.Search(ssdp.All, delay, "")' 'ssdp.Search(ssdp.All, delay, "0.0.0.0:1901")'
- '';
- });
- };
-
- # necessary to discover local UPNP endpoints
- networking.firewall.allowedUDPPorts = lib.mkIf cfg.enabled [ 1901 ];
 # for serving local files
 # see: go2tv/soapcalls/utils/iptools.go
 networking.firewall.allowedTCPPorts = lib.mkIf cfg.enabled [ 3500 ];