Good morning,

I was trying to switch in the last period from UFW to FirewallD, as it is better integrated in my GNOME setup and also seems much more powerful than UFW. The real problem for me is that I heavily use UPnP/SSDP to do port mapping, so having a firewall that doesn't allow me to do that is a problem for me.

I tried two different approaches: the first was to create some port rules in the GTK application (firewall-config) and the second approach was to create a service profile for SSDP. Neither of these worked.

I dug into the generated iptables rules and this is the major result:

* UFW rule:
    ACCEPT udp -- anywhere 239.255.255.250 udp dpt:ssdp
    ACCEPT udp -- anywhere anywhere udp spt:ssdp
* firewalld rule:
    ACCEPT udp -- anywhere anywhere udp dpt:ssdp ctstate NEW

The relevant rule of UFW that makes everything work (manually added by myself) is the second one. The major difference I can spot is that the port is the source one and not the destination one. In firewall-config I found no option to set the source port. Is it missing just in the frontend or completely? Is there any way I can tackle this?

Thank you in advance.

On 08/06/16 11:01, Giovanni 'ItachiSan' Santini wrote:
> The relevant rule of UFW that makes everything work (manually added by myself) is the second one. The major difference I can spot is that the port is the source one and not the destination one. In firewall-config I found no option to set the source port. Is it missing just in the frontend or completely? Is there any way I can tackle this?
>
> Thank you in advance.

From the 0.4.2 release notes...
Source port support in zones, services and rich rules
-----------------------------------------------------

Additionally to ports it is also now possible to allow source ports in zones and also in a service in a similar way as existing ports. There is a new flag source-port for this.

Source ports can also be used in rich rules as elements. The source ports can be combined with logging, limiting and also an action.
...
So I guess this long awaited feature is now ready.
BR
firewalld-users@lists.fedorahosted.org
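
The source-port feature from the 0.4.2 release notes, applied to the SSDP case in this thread, as an added example that is not part of the original messages. The UFW rule that worked accepts UDP from source port 1900 from anywhere to any destination port, so the script prints both that broad zone-level form and a rich rule that also requires a LAN source address. The zone name `home`, the subnet `192.168.1.0/24` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Needs firewalld >= 0.4.2 (source-port support).
# ZONE and LAN_CIDR are assumed sample values; set them for the local network.

SSDP_PORT=1900
ZONE="${ZONE:-home}"
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"   # constructed sample subnet

# Build a rich rule that accepts UDP whose *source* port is 1900,
# but only when the packet also comes from the given subnet.
ssdp_rich_rule() {
    printf 'rule family="ipv4" source address="%s" source-port port="%s" protocol="udp" accept' \
        "$1" "$SSDP_PORT"
}

# Print (do not run) the firewall-cmd calls for one of two modes:
#   broad - zone-wide source port, same scope as the UFW "spt:ssdp" rule
#   lan   - rich rule limited to replies from the LAN subnet
ssdp_commands() {
    mode=$1 zone=$2 cidr=$3
    case "$mode" in
        broad)
            printf 'firewall-cmd --permanent --zone=%s --add-source-port=%s/udp\n' \
                "$zone" "$SSDP_PORT"
            ;;
        lan)
            printf "firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" \
                "$zone" "$(ssdp_rich_rule "$cidr")"
            ;;
        *)
            echo "usage: ssdp_commands broad|lan ZONE CIDR" >&2
            return 1
            ;;
    esac
    # Permanent changes only take effect after a reload.
    printf 'firewall-cmd --reload\n'
}

# Default action: show the narrower variant for review before running it as root.
ssdp_commands "${MODE:-lan}" "$ZONE" "$LAN_CIDR"
```

Run with `MODE=broad` to print the zone-wide variant instead; afterwards `firewall-cmd --zone=home --list-all` shows which of the two is active.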