- I can’t figure out how to enable broadcast.
firewall-cmd --add-protocol=igmp seems to work (adding --permanent should make it permanent), but I don’t know the equivalent magic for broadcast.
A: @erig0 suggested adding
<protocol value="igmp"/>
, and that seemed to work (I updated the gist).
- I don’t know how to tie turning these protocols on to enabling the Roon server.
A: One approach is to add
ExecStartPre=/usr/bin/firewall-cmd --add-service=roon-server
ExecStopPost=/usr/bin/firewall-cmd --remove-service=roon-server
to your roonserver.service file (then systemctl daemon-reload). In my case I’m manually starting and running Roon on my laptop not as root user but as a restricted user, so I prepend + to these two /usr/bin/firewall-cmd commands so they run as root. It seems to work: systemctl start roonserver enables this service in the firewall (use /usr/bin/firewall-cmd --list-services to check) and I can control Roon core, and systemctl stop roonserver disables it.
- Is there some way to get Linux to let you know when it’s blocking network packets?
A: In the Firewall GUI, change menu > Options > Log Denied from “Off” to “All” or “multicast”, then look for messages in journalctl on the particular network interface, e.g. kernel: FINAL_REJECT: IN=enp0s31f6 .... I was never able to find particular failure messages when my Roon controller couldn’t find Roon core because of firewall blocking.
Thanks everyone!
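
Added example, not part of the original post: once Log Denied is on, a small filter like this groups the FINAL_REJECT journal lines by interface, protocol, destination and port, so dropped multicast, broadcast and IGMP traffic stands out. The function name summarize_rejects is made up here, the field names (IN, PROTO, DST, DPT) assume the usual kernel netfilter log layout, and the sample lines are constructed, not captured from a Roon machine.

```shell
#!/bin/sh
# Summarise firewalld "Log Denied" entries read from stdin.
# Real use (as a user allowed to read the kernel journal):
#   journalctl -k --no-pager | summarize_rejects
summarize_rejects() {
    awk '
    /FINAL_REJECT:/ {
        in_if = "-"; proto = "-"; dst = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue            # not a KEY=VALUE token
            key = substr($i, 1, n - 1); val = substr($i, n + 1)
            if (key == "IN" && val != "") in_if = val
            else if (key == "PROTO") proto = val
            else if (key == "DST")   dst = val
            else if (key == "DPT")   dpt = val   # absent for IGMP, stays "-"
        }
        count[in_if " " proto " " dst " " dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

# Constructed sample lines (addresses and ports are made-up test values).
SAMPLE_LOG='Mar 01 10:00:01 laptop kernel: FINAL_REJECT: IN=enp0s31f6 OUT= MAC= SRC=192.0.2.10 DST=239.255.90.90 LEN=98 TTL=1 PROTO=UDP SPT=40000 DPT=50001 LEN=78
Mar 01 10:00:02 laptop kernel: FINAL_REJECT: IN=enp0s31f6 OUT= MAC= SRC=192.0.2.10 DST=239.255.90.90 LEN=98 TTL=1 PROTO=UDP SPT=40000 DPT=50001 LEN=78
Mar 01 10:00:03 laptop kernel: FINAL_REJECT: IN=enp0s31f6 OUT= MAC= SRC=192.0.2.10 DST=192.0.2.255 LEN=98 TTL=64 PROTO=UDP SPT=40001 DPT=50001 LEN=78
Mar 01 10:00:04 laptop kernel: FINAL_REJECT: IN=enp0s31f6 OUT= MAC= SRC=192.0.2.10 DST=224.0.0.22 LEN=40 TTL=1 PROTO=2
Mar 01 10:00:05 laptop kernel: usb 1-1: new high-speed USB device'

# Output columns: count, interface, protocol, destination, destination port
printf '%s\n' "$SAMPLE_LOG" | summarize_rejects
```

A line with PROTO=2 is IGMP; destinations in 224.0.0.0/4 are multicast, and the subnet's last address is broadcast.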