[mythtv-users] firewalld settings to allow mythtv to work?

James jam at tigger.ws
Wed Aug 10 12:15:13 UTC 2022

> On 10 Aug 2022, at 7:10 pm, James Abernathy <jfabernathy at gmail.com> wrote:
> I've been using the MythTV FE/BE combo on a PC that in recent updates is now running firewalld.  I've looked into trying to configure it correctly, but without luck at least for MythTV.  I know I have to set it to Home zone and turn on stuff but so far, I'm missing something. If I disable firewalld service, it all works as before.
> Anyone figured out firewalld with MythTV yet?

Jim, this is complex stuff:

If you have a modem/router and you are running an ipv4 network at home then any firewall within your network is totally without any value whatsoever.

By RFC no router in the internet may route private addresses (192.168, 10. etc).
So bad guys anywhere make it to your modem and can go NOWHERE. Your wife is not going to hack your mythbackend and you don't have kids at home playing with game servers!

You might have port-forwarding on your modem enabled, in which case you have already dealt with it, e.g. ssh or www.
Any machine on your network (usually) allows RELATED,ESTABLISHED back and a firewall will not help you stop a compromise that uses this vector.

If you use ipv6 you need a whole bunch of experience, knowing the fine print of link-only addresses, and I have read of the benefits of using NAT with ipv6.

I guess the best questions are: What are you trying to protect? From whom?

As IR you are running various Ubuntu, though I guess your 'lite' systems are Debian. I did not think they pushed firewalld, but in those cases it would be easy to remove.

'Course if you are playing with then methinks play with ip-tables knowing that firewalld makes it easier (usually) to set them.
Frankly for us ole farts there is much more exciting than ip-tables!



