From b4befe9959d0e2ac6e0ba5c9049a996cbf977eb4 Mon Sep 17 00:00:00 2001
From: Antonio Ospite
Date: Tue, 11 Dec 2018 09:50:49 +0100
Subject: [PATCH 1/1] iptables-workstation.sh: enable DHCPv4 offers and more SSDP communication

When trying to connect to a Panasonic Lumix DMC-G6 camera in direct mode the current rules are too strict to fully enable DHCP communication and SSDP discovery. Accept the traffic required for these functionality.
---
 iptables-workstation.sh | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/iptables-workstation.sh b/iptables-workstation.sh
index a00aa51..2ec87ce 100755
--- a/iptables-workstation.sh
+++ b/iptables-workstation.sh
@@ -37,6 +37,9 @@ flush_ruleset
 ip46t -N in-new
+# Accept DHCPv4 Offer
+ipt -A in-new -p udp -m udp --sport bootps --dport bootpc -j ACCEPT
+
 # Silently drop DHCPv4 Discover and Request packets from other clients.
 ipt -A in-new -s 0.0.0.0 -d 255.255.255.255 -p udp -m udp --sport bootpc --dport bootps -j DROP
@@ -48,11 +51,12 @@ ipt -A in-new -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
 ip6t -A in-new -d ff02::fb -p udp -m udp --dport 5353 -j ACCEPT
 # SSDP: https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
-ipt -A in-new -d 239.255.255.250 -p udp -m udp --dport 1900 -j ACCEPT
-ip6t -A in-new -d ff02::c -p udp -m udp --dport 1900 -j ACCEPT
-ip6t -A in-new -d ff05::c -p udp -m udp --dport 1900 -j ACCEPT
-ip6t -A in-new -d ff08::c -p udp -m udp --dport 1900 -j ACCEPT
-ip6t -A in-new -d ff0e::c -p udp -m udp --dport 1900 -j ACCEPT
+ipt -A in-new -d 239.255.255.250 -p udp -m udp --dport 1900 -j ACCEPT
+ip6t -A in-new -d ff02::c -p udp -m udp --dport 1900 -j ACCEPT
+ip6t -A in-new -d ff05::c -p udp -m udp --dport 1900 -j ACCEPT
+ip6t -A in-new -d ff08::c -p udp -m udp --dport 1900 -j ACCEPT
+ip6t -A in-new -d ff0e::c -p udp -m udp --dport 1900 -j ACCEPT
+ip46t -A in-new -p udp -m udp --sport 1900 -j ACCEPT
 for port in "${TCP_OPEN_PORTS[@]}";
-- 
2.1.4
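Review bot: The new `--sport bootps --dport bootpc` ACCEPT in the first hunk has no interface or source restriction, so it admits every server-to-client DHCPv4 message (Offer, ACK, NAK) from any host on any attached network, which is wider than the `# Accept DHCPv4 Offer` comment says. A packet filter cannot tell a legitimate DHCP server from a rogue one, so the comment should at least state the real scope, e.g. `# Accept DHCPv4 server replies (Offer/ACK/NAK); source address and interface are not checked`. If the script knows which interfaces are configured by DHCP, adding `-i` for those would keep the rule from applying elsewhere; whether such a list exists is not visible in this hunk.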
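Review bot: The added `ip46t -A in-new -p udp -m udp --sport 1900 -j ACCEPT` in the second hunk matches on source port only, and the source port is chosen by the sender, so any IPv4 or IPv6 host can reach every UDP port on the workstation that this chain would otherwise filter. Unicast SSDP replies come back to the unprivileged port the search was sent from, so the rule can at least be narrowed to `--sport 1900 --dport 1024:65535`, and preferably also limited to on-link source addresses or to the interface used for the camera. The five re-added multicast lines read the same as the removed ones here, presumably a column re-alignment, so this last line is the only behavioural change in the hunk. It deserves its own comment saying why replies are not covered by connection tracking, e.g. `# Unicast SSDP search responses: the request went to a multicast address, so the reply is not matched as ESTABLISHED`.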