Configuring the firewall for DLNA with Emby

Distribution: alt, Porteus 5 mixed + x0.9

Configuring the firewall for DLNA with Emby

Post#1 by SEMERENDO.cr » 01 Apr 2026, 04:52

I've been trying to configure it but I can't get it working... If anyone can try this latest solution proposed by Google's so-called artificial "intelligence", or correct it, please post the result... I haven't tested this yet! Well, I want to track it on my phone or the living room TV.

//altlinux


#!/bin/bash
#
# usage: rc.FireWall start|stop|status
#
# Author: Tomas M. <http://slax.linux-live.org/>
#
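# Ports handled by the per-port loops below. For every port listed, the IPv4
# loop allows outbound TCP to that port AND opens it inbound for TCP and UDP.
#   80/443 web, 8096 Emby HTTP, 1900 SSDP (DLNA discovery), 7359 Emby discovery
# NOTE(review): 80 and 443 are therefore reachable inbound as well; remove them
# from the list if no local web server is meant to be exposed.
ALLOWED_PORTS="80 443 8096 1900 7359"

# Optional source restriction for the inbound service rules. Set it to the
# home LAN in CIDR form, e.g. LAN_NET="192.168.1.0/24" (constructed example,
# use your own network). Empty keeps the original behaviour: any source.
LAN_NET="${LAN_NET:-}"
#-----------------------------------------------------------

case "${1:-}" in
start)

   # NOTE(review): absolute paths are the ones from the original script;
   # confirm they exist on the distribution this runs on.
   SYSCTLW="/sbin/sysctl -q -w"
   IPTABLES="/usr/sbin/iptables"
   IPTABLES6="/usr/sbin/ip6tables"
   SSDP_GROUP="239.255.255.250"

   # Expands to "-s <net>" when LAN_NET is set, to nothing otherwise.
   SRC=()
   if [ -n "$LAN_NET" ]; then
      SRC=(-s "$LAN_NET")
   fi

   # Kernel hardening: reverse-path filtering, martian logging, no redirects
   # or source routing, SYN cookies, ignore broadcast pings.
   # $SYSCTLW is left unquoted on purpose: it holds a command plus options.
   $SYSCTLW net.ipv4.conf.all.rp_filter=1
   $SYSCTLW net.ipv4.conf.all.log_martians=1
   $SYSCTLW net.ipv4.conf.all.send_redirects=0
   $SYSCTLW net.ipv4.conf.all.accept_source_route=0
   $SYSCTLW net.ipv4.conf.all.accept_redirects=0
   $SYSCTLW net.ipv4.tcp_syncookies=1
   $SYSCTLW net.ipv4.icmp_echo_ignore_broadcasts=1
   # NOTE(review): forwarding is switched on although FORWARD is DROP below.
   # A media server that does not route could set this to 0; kept as-is.
   $SYSCTLW net.ipv4.ip_forward=1

   # Start from empty rule sets.
   $IPTABLES -F
   $IPTABLES -X
   $IPTABLES6 -F
   $IPTABLES6 -X

   # Default deny in every direction; loopback is always allowed.
   $IPTABLES -P INPUT DROP
   $IPTABLES -P OUTPUT DROP
   $IPTABLES -P FORWARD DROP
   $IPTABLES -A INPUT -i lo -j ACCEPT
   $IPTABLES -A OUTPUT -o lo -j ACCEPT

   $IPTABLES6 -P INPUT DROP
   $IPTABLES6 -P OUTPUT DROP
   $IPTABLES6 -P FORWARD DROP
   $IPTABLES6 -A INPUT -i lo -j ACCEPT
   $IPTABLES6 -A OUTPUT -o lo -j ACCEPT

   # Stateful baseline. The OUTPUT rule is what lets this host answer
   # connections accepted on INPUT: with OUTPUT policy DROP and no such rule,
   # replies from the Emby port never leave the machine.
   $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
   $IPTABLES -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

   # DNS lookups made by this host. Answers come back through the conntrack
   # rule above. The former "INPUT --sport 53 -j ACCEPT" is gone on purpose:
   # it accepted any UDP packet whose source port was 53, to any local port.
   # Inbound port 53 is no longer opened either; add 53 to ALLOWED_PORTS if
   # this host is itself a DNS server.
   $IPTABLES -A OUTPUT -p udp --dport 53 -j ACCEPT
   $IPTABLES -A OUTPUT -p tcp --dport 53 -j ACCEPT

   # DLNA / Emby discovery (multicast and IGMP).
   # IGMP must be allowed outbound too, or group membership reports for the
   # SSDP group are dropped by the OUTPUT policy.
   $IPTABLES -A INPUT -p igmp -j ACCEPT
   $IPTABLES -A OUTPUT -p igmp -j ACCEPT
   # Limited to SSDP (UDP/1900) instead of every protocol sent to the group.
   $IPTABLES -A INPUT -p udp "${SRC[@]}" -d "$SSDP_GROUP" --dport 1900 -j ACCEPT
   $IPTABLES -A OUTPUT -p udp -d "$SSDP_GROUP" --dport 1900 -j ACCEPT

   # Open every listed port (TCP and UDP).
   for PORT in $ALLOWED_PORTS; do
      # TCP: outbound connections to the port, inbound connections to a
      # local service on it. Return traffic is covered by the baseline.
      $IPTABLES -A OUTPUT -p tcp --dport "$PORT" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
      $IPTABLES -A INPUT -p tcp "${SRC[@]}" --dport "$PORT" -j ACCEPT

      # UDP (needed for DLNA discovery). The --sport rule stays because a
      # unicast answer to a multicast query is a NEW flow for conntrack.
      $IPTABLES -A INPUT -p udp "${SRC[@]}" --dport "$PORT" -j ACCEPT
      $IPTABLES -A OUTPUT -p udp --sport "$PORT" -j ACCEPT
   done

   # IPv6: outbound TCP only, as in the original.
   # NOTE(review): no ICMPv6 is allowed, so neighbour discovery is blocked and
   # these rules probably never match in practice; confirm whether IPv6 is
   # meant to work at all.
   for PORT in $ALLOWED_PORTS; do
      $IPTABLES6 -A OUTPUT -p tcp --dport "$PORT" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
      $IPTABLES6 -A INPUT -p tcp --sport "$PORT" -m conntrack --ctstate ESTABLISHED -j ACCEPT
   done

   # Catch-all. Despite its name the chain only drops; while troubleshooting
   # discovery, a rate-limited LOG rule placed before the DROP shows what is
   # being rejected. Only INPUT and FORWARD jump here; OUTPUT drops silently.
   $IPTABLES -N LOG_DROP
   $IPTABLES -A LOG_DROP -j DROP
   $IPTABLES -A INPUT -j LOG_DROP
   $IPTABLES -A FORWARD -j LOG_DROP
   ;;

stop)
   # Leaves the host with NO packet filtering at all.
   # Policies are opened before flushing so traffic is never caught between
   # an empty chain and a DROP policy.
   iptables -P OUTPUT ACCEPT
   iptables -P FORWARD ACCEPT
   iptables -P INPUT ACCEPT
   iptables -F
   iptables -X
   ip6tables -P OUTPUT ACCEPT
   ip6tables -P FORWARD ACCEPT
   ip6tables -P INPUT ACCEPT
   ip6tables -F
   ip6tables -X
   ;;

status)
   # -n skips reverse DNS, which can stall under the restrictive OUTPUT policy.
   iptables -L -v -n
   ip6tables -L -v -n
   ;;

*)
   echo "usage: $0 start|stop|status" >&2
   exit 1
   ;;
esac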