- I can’t figure out how to enable broadcast. `firewall-cmd --add-protocol=igmp` seems to work (add `--permanent` should make it permanent), but I don’t know the equivalent magic for broadcast.
A: @erig0 suggested adding `<protocol value="igmp"/>`, and that seemed to work (I updated the gist).
- I don’t know how to tie turning these protocols on to enabling the Roon server.
A: One approach is to add
ExecStartPre=/usr/bin/firewall-cmd --add-service=roon-server
ExecStopPost=/usr/bin/firewall-cmd --remove-service=roon-server
to your `roonserver.service` file (then `systemctl daemon-reload`). In my case I’m manually starting and running Roon on my laptop not as root user but as a restricted user, so I prepend `+` to these two `/usr/bin/firewall-cmd` commands so they run as root. It seems to work: `systemctl start roonserver` enables this service in the firewall (use `/usr/bin/firewall-cmd --list-services` to check) and I can control Roon core, and `systemctl stop roonserver` disables it.
- Is there some way to get Linux to let you know when it’s blocking network packets?
A: In the Firewall GUI, change menu > Options > Log Denied from “Off” to “All” or “multicast”, then look for messages in `journalctl` on the particular network interface, e.g. `kernel: FINAL_REJECT: IN=enp0s31f6 ...`. I was never able to find particular failure messages when my Roon controller couldn’t find Roon core because of firewall blocking.
Thanks everyone!
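
Added example, not part of the original post: one way to make the Log Denied output easier to read is to group the `FINAL_REJECT` kernel lines by interface, IP protocol, destination address and destination port, so repeated multicast or broadcast drops stand out. The function names, addresses and ports below are constructed for illustration; only the `FINAL_REJECT` prefix and the interface name come from the post.

```shell
#!/bin/sh
# Added example: count firewalld "Log Denied" entries per interface, IP
# protocol, destination address and destination port.
# Live use: journalctl -k --since "10 minutes ago" | summarize_denied

# Reads journal lines on stdin; prints "count iface proto dst dport",
# most frequent first. dport is "-" for protocols without ports.
summarize_denied() {
    awk '
    /FINAL_REJECT: / {
        iface = "-"; proto = "-"; dst = "-"; dport = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=./)   iface = substr($i, 4)
            if ($i ~ /^DST=/)   dst   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dport = substr($i, 5)
        }
        count[iface " " proto " " dst " " dport]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample lines (documentation addresses, made-up ports).
# PROTO=2 is how the kernel logs IGMP, which has no port fields.
sample_log() {
    cat <<'EOF'
Jan 01 10:00:01 host kernel: FINAL_REJECT: IN=enp0s31f6 OUT= MAC=ff:ff:ff:ff:ff:ff:aa:bb:cc:dd:ee:ff:08:00 SRC=192.0.2.10 DST=192.0.2.255 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=40000 DPT=5000 LEN=40
Jan 01 10:00:02 host kernel: FINAL_REJECT: IN=enp0s31f6 OUT= MAC=01:00:5e:00:00:01:aa:bb:cc:dd:ee:ff:08:00 SRC=192.0.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jan 01 10:00:03 host systemd[1]: Started a constructed unrelated unit.
Jan 01 10:00:04 host kernel: FINAL_REJECT: IN=enp0s31f6 OUT= MAC=ff:ff:ff:ff:ff:ff:aa:bb:cc:dd:ee:ff:08:00 SRC=192.0.2.10 DST=192.0.2.255 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=UDP SPT=40000 DPT=5000 LEN=40
EOF
}

# Stand-alone run: summarise the constructed sample.
sample_log | summarize_denied
```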