I find that xbmc upnp client needs to receive a udp reply after broadcasting ssdp to search for upnp devices. How do I limit the reply udp port or let the firewall allow it without opening all the udp ports?
I have iptables firewall on the xbmc client machine set up to only allow udp port 30000-59999:
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 30000:59999 -j ACCEPT
... other rules ...
-A INPUT -j DROP
But xbmc seems to connect with source port anywhere in 1025-1999 (at least that's what I found in a few instances). I'm guessing the ESTABLISHED,RELATED doesn't work with broadcast packets.
The upnp mediatomb discovery works perfectly if I open up all udp ports on the client, but I'd rather limit it, otherwise what's the point of a firewall. And the server itself has no problem working with other non-Linux upnp clients.
So, how do I let xbmc discover upnp servers without opening up all udp ports in iptables? Is there a setting somewhere I can limit xbmc to use certain source port when broadcasting ssdp?
Is there something like a iptable module similar to samba discovery netbios connection tracking that I can use for upnp discovery?
---------- Post added at 09:52 PM ---------- Previous post was at 09:38 PM ----------
Never mind, I decided to just open up all udp ports for that particular upnp server. It looked like an overkill to try to come up with special firewall rules.