go2tv: remove firewall fix and allow SSDP at the iptables layer
parent
3cd3ebed51
commit
f9361af41c
|
@ -39,6 +39,16 @@
|
||||||
1900 # to received UPnP advertisements. required by sane-ip-check-upnp
|
1900 # to received UPnP advertisements. required by sane-ip-check-upnp
|
||||||
];
|
];
|
||||||
|
|
||||||
|
networking.firewall.extraCommands = ''
|
||||||
|
# after an outgoing SSDP query to the multicast address, open FW for incoming responses.
|
||||||
|
# necessary for anything DLNA, especially go2tv
|
||||||
|
# source: <https://serverfault.com/a/911286>
|
||||||
|
# context: <https://github.com/alexballas/go2tv/issues/72>
|
||||||
|
ipset create upnp hash:ip,port timeout 10
|
||||||
|
iptables -A OUTPUT -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j SET --add-set upnp src,src --exist
|
||||||
|
iptables -A INPUT -p udp -m set --match-set upnp dst,dst -j ACCEPT
|
||||||
|
'';
|
||||||
|
|
||||||
# keyfile.path = where networkmanager should look for connection credentials
|
# keyfile.path = where networkmanager should look for connection credentials
|
||||||
networking.networkmanager.extraConfig = ''
|
networking.networkmanager.extraConfig = ''
|
||||||
[keyfile]
|
[keyfile]
|
||||||
|
|
|
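Review bot: `ipset create upnp hash:ip,port timeout 10` in `networking.firewall.extraCommands` is not idempotent: if the script runs again while the set still exists (on a firewall reload, for instance), the create fails, so `ipset -exist create upnp hash:ip,port timeout 10` is safer. The two `iptables -A` lines append to the built-in OUTPUT and INPUT chains, which the NixOS firewall presumably does not flush on reload, so each rerun would likely stack another copy of the ACCEPT rule; guarding them with `iptables -C … || iptables -A …`, or moving them into a dedicated chain that `networking.firewall.extraStopCommands` flushes, would keep the ruleset predictable. The INPUT rule matches only the local address and port, so during the 10-second window any host can send UDP to that port, not just devices answering the M-SEARCH; a comment next to the rule such as `# accepts UDP from ANY source to the querying ip:port for 10s` would make that exposure explicit. The hunk does not show whether `ipset` is on the firewall script's PATH (`networking.firewall.extraPackages`), which is worth confirming.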
@ -28,24 +28,6 @@ let
|
||||||
cfg = config.sane.programs.go2tv;
|
cfg = config.sane.programs.go2tv;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
sane.programs.go2tv = {
|
|
||||||
package = pkgs.go2tv.overrideAttrs (orig: {
|
|
||||||
# SSDP doesn't do well with default firewall rules.
|
|
||||||
# - go2tv sends a UDP M-Search from localhost port P to the broadcast address.
|
|
||||||
# - UPNP sinks respond to localhost port P.
|
|
||||||
# - firewall can't track that "connection", because the address which contacts us isn't the same as the address we queried.
|
|
||||||
#
|
|
||||||
# to workaround this, force go2tv to query from a fixed *source* port.
|
|
||||||
# then the responses will likewise be to a fixed *dest* port, and we can open that port
|
|
||||||
postPatch = (orig.postPatch or "") + ''
|
|
||||||
substituteInPlace devices/devices.go \
|
|
||||||
--replace 'ssdp.Search(ssdp.All, delay, "")' 'ssdp.Search(ssdp.All, delay, "0.0.0.0:1901")'
|
|
||||||
'';
|
|
||||||
});
|
|
||||||
};
|
|
||||||
|
|
||||||
# necessary to discover local UPNP endpoints
|
|
||||||
networking.firewall.allowedUDPPorts = lib.mkIf cfg.enabled [ 1901 ];
|
|
||||||
# for serving local files
|
# for serving local files
|
||||||
# see: go2tv/soapcalls/utils/iptools.go
|
# see: go2tv/soapcalls/utils/iptools.go
|
||||||
networking.firewall.allowedTCPPorts = lib.mkIf cfg.enabled [ 3500 ];
|
networking.firewall.allowedTCPPorts = lib.mkIf cfg.enabled [ 3500 ];
|
||||||
|
|