Congratulations, you discovered a limitation in the concept of packet filtering. Tracking multicast protocols: the response can't come back from the same address, because you're absolutely forbidden to send from a multicast address. The firewall can't match the response to your request, so it blocks it.

Obviously the system mDNS daemon, avahi, avoids this by sending from the fixed port 5353, so that's where it gets responses as well. Port 5353 is allowed specifically by a firewall rule.

If you can get the software to talk to avahi instead, that's the solution avahi would recommend. It may alternatively be possible to rely on the default avahi option disallow-other-stacks=no, and configure the client app to use the fixed port 5353. It's not clear what effect this has on the reliability of Avahi. Or you could simply disable Avahi if you don't need it.

Of course if the app lets you choose a fixed source port, you can just add that to the firewall & it will work. Except that when you say "client application", you probably mean a class of software that should in theory be able to run multiple instances at the same time. It's not running all the network requests through a single daemon. And I bet the app doesn't use the SO_REUSEPORT hack that avahi implements for disallow-other-stacks=no, so this would only let you run one instance of the app at once.

A lot of Linux software for desktops or dinky local network boxes probably isn't designed to run with a host firewall. Fedora is the main distribution that does so.
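The reasoning above as a small Python model, added here as an illustration and not taken from the original page, Avahi or any real firewall's code. It shows why reply tracking never matches an mDNS answer and why an explicit rule for the receiving port is what lets it in. The class and function names, the addresses and the ports 49152 and 40000 are constructed for the example.

```python
# Added illustration: a minimal model of a stateful host firewall (not netfilter code).
from typing import NamedTuple

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353  # standard mDNS IPv4 group and port
HOST, RESPONDER = "192.0.2.10", "192.0.2.20"  # constructed documentation addresses


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulFilter:
    """Accept inbound UDP only as a tracked reply or on an explicitly open port."""

    def __init__(self, open_udp_ports=()):
        self.open_udp_ports = set(open_udp_ports)
        self.expected_replies = set()

    def send(self, pkt):
        # Tracking expects the exact mirror of the request: the reply must come
        # *from* the address and port the request was sent *to*.
        self.expected_replies.add(
            Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))

    def accepts(self, pkt):
        return pkt in self.expected_replies or pkt.dst_port in self.open_udp_ports


def answer_gets_through(open_ports, src_port):
    """Send an mDNS query from src_port and report whether the answer is accepted."""
    fw = StatefulFilter(open_ports)
    fw.send(Packet(HOST, src_port, MDNS_GROUP, MDNS_PORT))
    # The responder always answers from its own unicast address, never the group.
    # A query from port 5353 is answered to the group; a query from any other
    # port gets a unicast answer to that port (RFC 6762 "legacy unicast").
    if src_port == MDNS_PORT:
        answer = Packet(RESPONDER, MDNS_PORT, MDNS_GROUP, MDNS_PORT)
    else:
        answer = Packet(RESPONDER, MDNS_PORT, HOST, src_port)
    return fw.accepts(answer)


if __name__ == "__main__":
    print("ephemeral source port, 5353 open:", answer_gets_through({5353}, 49152))
    print("source port 5353, 5353 open:     ", answer_gets_through({5353}, 5353))
    print("fixed port 40000, 40000 open:    ", answer_gets_through({5353, 40000}, 40000))
    print("source port 5353, nothing open:  ", answer_gets_through(set(), 5353))
```

The last case shows that even a query sent from port 5353 depends on the port rule, not on tracking, because the answer's source address is never the multicast group.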