From: Antonio Ospite Date: Tue, 11 Dec 2018 08:50:49 +0000 (+0100) Subject: iptables-workstation.sh: enable DHCPv4 offers and more SSDP communication X-Git-Url: https://git.ao2.it/config/iptables.git/commitdiff_plain/refs/heads/master?ds=sidebyside;hp=72b2b60922c789a8e29bca7b7f383846f3383188 iptables-workstation.sh: enable DHCPv4 offers and more SSDP communication When trying to connect to a Panasonic Lumix DMC-G6 camera in direct mode the current rules are too strict to fully enable DHCP communication and SSDP discovery. Accept the traffic required for these functionality. --- diff --git a/iptables-workstation.sh b/iptables-workstation.sh index a00aa51..2ec87ce 100755 --- a/iptables-workstation.sh +++ b/iptables-workstation.sh @@ -37,6 +37,9 @@ flush_ruleset ip46t -N in-new +# Accept DHCPv4 Offer +ipt -A in-new -p udp -m udp --sport bootps --dport bootpc -j ACCEPT + # Silently drop DHCPv4 Discover and Request packets from other clients. ipt -A in-new -s 0.0.0.0 -d 255.255.255.255 -p udp -m udp --sport bootpc --dport bootps -j DROP 
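Review bot: The new `--sport bootps --dport bootpc` ACCEPT in `in-new` matches on ports alone, with no `-i` interface or source match, so every interface accepts DHCP-server-looking traffic rather than only the link used for the camera. The same pattern is more serious in the SSDP hunk that follows: `ip46t -A in-new -p udp -m udp --sport 1900 -j ACCEPT` has no `--dport` and no address match, and since the sender chooses the source port, any host sending from UDP port 1900 can reach every UDP port on this machine over IPv4 and IPv6. I would scope both rules to the interface where this traffic is expected, and for the SSDP replies also limit the destination to the local ephemeral port range and the source to on-link addresses. A comment such as `# SSDP unicast replies to our M-SEARCH; conntrack cannot relate them to the multicast request` would record why the rule exists, if that is indeed the reason. The rest of the ruleset lies outside these hunks, so an earlier rule may already narrow what reaches `in-new`.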
@@ -48,11 +51,12 @@ ipt -A in-new -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT ip6t -A in-new -d ff02::fb -p udp -m udp --dport 5353 -j ACCEPT # SSDP: https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol -ipt -A in-new -d 239.255.255.250 -p udp -m udp --dport 1900 -j ACCEPT -ip6t -A in-new -d ff02::c -p udp -m udp --dport 1900 -j ACCEPT -ip6t -A in-new -d ff05::c -p udp -m udp --dport 1900 -j ACCEPT -ip6t -A in-new -d ff08::c -p udp -m udp --dport 1900 -j ACCEPT -ip6t -A in-new -d ff0e::c -p udp -m udp --dport 1900 -j ACCEPT +ipt -A in-new -d 239.255.255.250 -p udp -m udp --dport 1900 -j ACCEPT +ip6t -A in-new -d ff02::c -p udp -m udp --dport 1900 -j ACCEPT +ip6t -A in-new -d ff05::c -p udp -m udp --dport 1900 -j ACCEPT +ip6t -A in-new -d ff08::c -p udp -m udp --dport 1900 -j ACCEPT +ip6t -A in-new -d ff0e::c -p udp -m udp --dport 1900 -j ACCEPT +ip46t -A in-new -p udp -m udp --sport 1900 -j ACCEPT for port in "${TCP_OPEN_PORTS[@]}";