Hello,

Installing vlc-plugin-upnp (should) enable(s) vlc to discover other upnp devices inside the local area network. But there is (currently) no hint how to allow it in the firewall. After a quick search and try, it is the udp port 1900.

Is it possible to add "ssdp/upnp" at these lines:
http://gitweb.mageia.org/software/drakx-net/tree/lib/network/drakfirewall.pm#n110

> name => N_("Network services autodiscovery (zeroconf, mdns, ssdp/upnp and slp)"),
> ports => '5353/udp 427/udp 1900/udp',
> pkg => 'avahi cups openslp vlc-plugin-upnp',

And the ipv6 firewall
http://gitweb.mageia.org/software/drakx-net/tree/lib/network/drakfirewall6.pm
Can probably be done for Mageia 9. We are past string freeze and version freeze and are starting on RC isos
Target Milestone: --- => Mageia 9
If it is added, it should come with a strong warning such as in https://www.varonis.com/blog/what-is-upnp/ Adding something to mcc that encourages people to use upnp on their networks seems like a bad idea to me, but I do agree that for those who understand the security risks it creates, it should be easy to do properly.
CC: (none) => davidwhodgins
Well, why not separate it? One occurrence for: zeroconf and slp, and another one for ssdp/upnp.
I just looked here https://en.wikipedia.org/wiki/Zero-configuration_networking
upnp is mentioned as zeroconf.
Assigning to Mageia Tools Maintainers. Set this as an enhancement request for Mageia 9.
Severity: normal => enhancement
Assignee: bugsquad => mageiatools
Source RPM: (none) => drakx-net-2.53-1.mga8.src.rpm
CC: (none) => ouaurelien
Version: 8 => Cauldron
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=28571
From bug 28571#c2

For vlc-upnp, the following ports need to be opened in the firewall ...

$ grep -e sapv1 -e ssdp -e mdns /etc/services
ssdp 1900/tcp # SSDP
ssdp 1900/udp # SSDP
mdns 5353/tcp # Multicast DNS
mdns 5353/udp # Multicast DNS
mdnsresponder 5354/tcp noclog # Multicast DNS Responder IPC
mdnsresponder 5354/udp noclog # Multicast DNS Responder IPC
sapv1 9875/tcp # Session Announcement v1
sapv1 9875/udp # Session Announcement v1
ssdp is upnp.
But mdns is mdns, not upnp.
For sap, I've never heard of it before.
https://en.m.wikipedia.org/wiki/Session_Announcement_Protocol
I don't know if it is related to upnp.

The more protocols we add in a "one-click" category, the less I'm in favor. It is like opening everything or blocking everything.

I'm for fine tuning, one for upnp, another one for mdns, …

And better if, instead of hardcoding it, we can use a config file to be read and added by packages. A new package could add the port without modifying this package (drakx-net) again.
Off topic:
http://gitweb.mageia.org/software/drakx-net/tree/lib/network/drakfirewall.pm#n65

This:
> ports => '137/tcp 137/udp 138/tcp 138/udp 139/tcp 139/udp 445/tcp 445/udp 1024:1100/tcp 1024:1100/udp',

Can be replaced by:
> ports => '137:139/tcp 137:139/udp 445/tcp 445/udp 1024:1100/tcp 1024:1100/udp',
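
Whether two such `ports` strings open exactly the same set of ports can be checked mechanically before a firewall definition is rewritten. The following is an added example, not part of the bug report or of drakx-net; the function names `expand` and `compact` are hypothetical, and the spec format is assumed to be only what the quoted lines show (`PORT/proto` or `LOW:HIGH/proto`, space separated).

```python
# Added example: compares and compacts drakfirewall-style port specs.
# Helper names are hypothetical; the format is taken from the quoted lines.
from itertools import groupby


def expand(spec):
    """Return the set of (proto, port) pairs that a port spec opens."""
    opened = set()
    for item in spec.split():
        ports, proto = item.split("/")
        low, _, high = ports.partition(":")
        low, high = int(low), int(high or low)
        if not (0 < low <= high <= 65535) or proto not in ("tcp", "udp"):
            raise ValueError(f"bad port spec item: {item!r}")
        opened.update((proto, p) for p in range(low, high + 1))
    return opened


def compact(spec):
    """Rewrite a spec with consecutive ports merged into LOW:HIGH ranges."""
    runs = []
    for proto in ("tcp", "udp"):
        ports = sorted(p for pr, p in expand(spec) if pr == proto)
        # Consecutive ports share the same (value - index) key.
        for _, run in groupby(enumerate(ports), key=lambda ip: ip[1] - ip[0]):
            run = [p for _, p in run]
            label = str(run[0]) if len(run) == 1 else f"{run[0]}:{run[-1]}"
            runs.append((run[0], proto, f"{label}/{proto}"))
    # Order by first port, then protocol, as in the quoted line.
    return " ".join(text for _, _, text in sorted(runs))


# The two specs quoted in the comment above.
OLD = ("137/tcp 137/udp 138/tcp 138/udp 139/tcp 139/udp "
       "445/tcp 445/udp 1024:1100/tcp 1024:1100/udp")
NEW = "137:139/tcp 137:139/udp 445/tcp 445/udp 1024:1100/tcp 1024:1100/udp"

if __name__ == "__main__":
    print("same ports opened:", expand(OLD) == expand(NEW))
    print("compacted:", compact(OLD))
```

The same `expand` comparison shows what a proposed edit adds: the set difference between the new and old spec lists every newly exposed port.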
(In reply to Jybz from comment #6)
> ssdp is upnp.
> But mdns is mdns, not upnp.

True. I was just listing the ports that vlc is trying to listen to.

> For sap, I've never heard of it before.
> https://en.m.wikipedia.org/wiki/Session_Announcement_Protocol
> I don't know if it is related to upnp.

Doesn't appear to be.

> The more protocols we add in a "one-click" category, the less I'm in
> favor. It is like opening everything or blocking everything.
>
> I'm for fine tuning, one for upnp, another one for mdns, …

And another for SSDP, which appears to be optional when using mdns.