[mythtv-users] firewalld settings to allow mythtv to work?

James jam at tigger.ws
Wed Aug 10 13:14:41 UTC 2022



> On 10 Aug 2022, at 8:50 pm, James Abernathy <jfabernathy at gmail.com> wrote:
> 
> This is mostly an exercise in understanding.  I'm a big believer in turning off security forced on me by OS vendors/developers.  It started with  RHEL4 with selinux.  Only way to get my system to work was to turn it off. Same for firewalld.  
> 
> I've been playing with EndeavourOS recently and they started including firewalld turned on by default and with the public setting which blocks everything.  
> 
> My network is simple. Cable modem is connected to the Wan port of a TP-Link WiFi 6 AP/router.  So everything is on a 192.168.0.0/24 subnet.  I view that as reasonably safe as I don't do port forwarding and the only thing open is openvpn on the router so I can ssh backend to my local network from outside the house.
> 
> I do worry about all the smart devices like Nest thermostats, Amazon Echo, smart light switch and receptacles, etc.  They communicate to hosts outside the home to set up some link for your phone to control them.  That looks like trouble brewing. 
> 
> So I guess using a firewall on a Desktop OS is dumb as everyone is on a private non-routable network behind an AP/router with NAT and other features turned on.

I wander OT ...

I have just installed solar by Enphase. They do exactly that!! Their system phones-home with an ssh tunnel. They then sneak down the tunnel so they can play/manipulate the Enphase equipment (that I bought). In principle they can then hack my network from within and a firewall won't stop them. I firewall OUT going (ECHO etc). Both Enphase's equipment and my Telstra NBN modem are based on OpenWrt, and since you can't firewall echo, it is a risk area.
If you are curious, Perth rainy winter http://tigger.3utilities.com:8080/
And funny: Netflix: Secret lives of pets: parrot used echo to order groceries !! order was

strawberries
strawberries
strawberries
strawberries
...

James
