mDNS and sonos.

This commit is contained in:
Joseph Hanson 2024-04-13 18:16:33 -05:00
parent f3d4c9cdaf
commit dbd2fa36a9
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
4 changed files with 73 additions and 6 deletions


@ -38,6 +38,11 @@ set firewall ipv4 name iot-local rule 200 description 'Rule: accept_discovery_fr
set firewall ipv4 name iot-local rule 200 destination group port-group sonos-discovery set firewall ipv4 name iot-local rule 200 destination group port-group sonos-discovery
set firewall ipv4 name iot-local rule 200 protocol 'udp' set firewall ipv4 name iot-local rule 200 protocol 'udp'
set firewall ipv4 name iot-local rule 200 source group address-group 'sonos_players' set firewall ipv4 name iot-local rule 200 source group address-group 'sonos_players'
set firewall ipv4 name iot-local rule 220 action 'accept'
set firewall ipv4 name iot-local rule 220 description 'Rule: accept_api_from_sonos_controllers'
set firewall ipv4 name iot-local rule 220 destination group port-group sonos-controller-api
set firewall ipv4 name iot-local rule 220 protocol 'tcp'
set firewall ipv4 name iot-local rule 220 source group address-group 'sonos_controllers'
set firewall ipv4 name iot-local rule 999 action 'drop' set firewall ipv4 name iot-local rule 999 action 'drop'
set firewall ipv4 name iot-local rule 999 description 'Rule: drop_invalid' set firewall ipv4 name iot-local rule 999 description 'Rule: drop_invalid'
set firewall ipv4 name iot-local rule 999 state invalid set firewall ipv4 name iot-local rule 999 state invalid
@ -74,6 +79,17 @@ set firewall ipv4 name iot-containers rule 999 log
set firewall ipv4 name iot-trusted default-action 'drop' set firewall ipv4 name iot-trusted default-action 'drop'
set firewall ipv4 name iot-trusted description 'From IOT to TRUSTED' set firewall ipv4 name iot-trusted description 'From IOT to TRUSTED'
set firewall ipv4 name iot-trusted default-log set firewall ipv4 name iot-trusted default-log
set firewall ipv4 name iot-trusted rule 100 description 'Rule: accept_udp_from_sonos_players_to_sonos_controllers'
set firewall ipv4 name iot-trusted rule 100 destination group address-group 'sonos_controllers'
set firewall ipv4 name iot-trusted rule 100 destination port '319,320,30000-65535'
set firewall ipv4 name iot-trusted rule 100 protocol 'udp'
set firewall ipv4 name iot-trusted rule 100 source group address-group 'sonos_players'
set firewall ipv4 name iot-trusted rule 110 action 'accept'
set firewall ipv4 name iot-trusted rule 110 description 'Rule: accept_tcp_from_sonos_players_to_sonos_controllers'
set firewall ipv4 name iot-trusted rule 110 destination group address-group 'sonos_controllers'
set firewall ipv4 name iot-trusted rule 110 destination port '1400,3400,3401,3500,30000-65535'
set firewall ipv4 name iot-trusted rule 110 protocol 'tcp'
set firewall ipv4 name iot-trusted rule 110 source group address-group 'sonos_players'
set firewall ipv4 name iot-trusted rule 999 action 'drop' set firewall ipv4 name iot-trusted rule 999 action 'drop'
set firewall ipv4 name iot-trusted rule 999 description 'Rule: drop_invalid' set firewall ipv4 name iot-trusted rule 999 description 'Rule: drop_invalid'
set firewall ipv4 name iot-trusted rule 999 state invalid set firewall ipv4 name iot-trusted rule 999 state invalid
@ -190,6 +206,11 @@ set firewall ipv4 name local-iot rule 110 description 'Rule: accept_mdns'
set firewall ipv4 name local-iot rule 110 destination port 'mdns' set firewall ipv4 name local-iot rule 110 destination port 'mdns'
set firewall ipv4 name local-iot rule 110 protocol 'udp' set firewall ipv4 name local-iot rule 110 protocol 'udp'
set firewall ipv4 name local-iot rule 110 source port 'mdns' set firewall ipv4 name local-iot rule 110 source port 'mdns'
set firewall ipv4 name local-iot rule 200 action 'accept'
set firewall ipv4 name local-iot rule 200 description 'Rule: accept_discovery_from_sonos_controllers'
set firewall ipv4 name local-iot rule 200 destination group port-group sonos-controller-discovery
set firewall ipv4 name local-iot rule 200 protocol 'udp'
set firewall ipv4 name local-iot rule 200 source group address-group 'sonos_controllers'
set firewall ipv4 name local-iot rule 999 action 'drop' set firewall ipv4 name local-iot rule 999 action 'drop'
set firewall ipv4 name local-iot rule 999 description 'Rule: drop_invalid' set firewall ipv4 name local-iot rule 999 description 'Rule: drop_invalid'
set firewall ipv4 name local-iot rule 999 state invalid set firewall ipv4 name local-iot rule 999 state invalid
@ -256,7 +277,7 @@ set firewall ipv4 name local-trusted rule 110 protocol 'udp'
set firewall ipv4 name local-trusted rule 110 source port 'mdns' set firewall ipv4 name local-trusted rule 110 source port 'mdns'
set firewall ipv4 name local-trusted rule 200 action 'accept' set firewall ipv4 name local-trusted rule 200 action 'accept'
set firewall ipv4 name local-trusted rule 200 description 'Rule: accept_discovery_from_sonos_players' set firewall ipv4 name local-trusted rule 200 description 'Rule: accept_discovery_from_sonos_players'
set firewall ipv4 name local-trusted rule 200 destination group port-group sonos-discovery set firewall ipv4 name local-trusted rule 200 destination group port-group sonos-player-discovery
set firewall ipv4 name local-trusted rule 200 protocol 'udp' set firewall ipv4 name local-trusted rule 200 protocol 'udp'
set firewall ipv4 name local-trusted rule 200 source group address-group 'sonos_players' set firewall ipv4 name local-trusted rule 200 source group address-group 'sonos_players'
set firewall ipv4 name local-trusted rule 400 action 'accept' set firewall ipv4 name local-trusted rule 400 action 'accept'
@ -472,6 +493,16 @@ set firewall ipv4 name containers-wan description 'From CONTAINERS to WAN'
# From TRUSTED to IOT # From TRUSTED to IOT
set firewall ipv4 name trusted-iot default-action 'accept' set firewall ipv4 name trusted-iot default-action 'accept'
set firewall ipv4 name trusted-iot description 'From TRUSTED to IOT' set firewall ipv4 name trusted-iot description 'From TRUSTED to IOT'
set firewall ipv4 name trusted-iot rule 110 action 'accept'
set firewall ipv4 name trusted-iot rule 110 description 'Rule: accept_tcp_from_sonos_controllers_to_sonos_players'
set firewall ipv4 name trusted-iot rule 110 destination port '1400,1443,4444,7000,30000-65535'
set firewall ipv4 name trusted-iot rule 110 protocol 'tcp'
set firewall ipv4 name trusted-iot rule 110 source group address-group 'sonos_controllers'
set firewall ipv4 name trusted-iot rule 111 action 'accept'
set firewall ipv4 name trusted-iot rule 111 description 'Rule: accept_udp_from_sonos_controllers_to_sonos_players'
set firewall ipv4 name trusted-iot rule 111 destination port '319,320,30000-65535'
set firewall ipv4 name trusted-iot rule 111 protocol 'udp'
set firewall ipv4 name trusted-iot rule 111 source group address-group 'sonos_controllers'
set firewall ipv4 name trusted-iot rule 999 action 'drop' set firewall ipv4 name trusted-iot rule 999 action 'drop'
set firewall ipv4 name trusted-iot rule 999 description 'Rule: drop_invalid' set firewall ipv4 name trusted-iot rule 999 description 'Rule: drop_invalid'
set firewall ipv4 name trusted-iot rule 999 state invalid set firewall ipv4 name trusted-iot rule 999 state invalid
@ -510,9 +541,14 @@ set firewall ipv4 name trusted-local rule 120 action 'accept'
set firewall ipv4 name trusted-local rule 120 description 'Rule: accept_dns' set firewall ipv4 name trusted-local rule 120 description 'Rule: accept_dns'
set firewall ipv4 name trusted-local rule 120 destination port 'domain,domain-s' set firewall ipv4 name trusted-local rule 120 destination port 'domain,domain-s'
set firewall ipv4 name trusted-local rule 120 protocol 'tcp_udp' set firewall ipv4 name trusted-local rule 120 protocol 'tcp_udp'
set firewall ipv4 name trusted-local rule 210 action 'accept'
set firewall ipv4 name trusted-local rule 210 description 'Rule: accept_discovery_from_sonos_controllers'
set firewall ipv4 name trusted-local rule 210 destination group port-group sonos-controller-discovery
set firewall ipv4 name trusted-local rule 210 protocol 'udp'
set firewall ipv4 name trusted-local rule 210 source group address-group 'sonos_controllers'
set firewall ipv4 name trusted-local rule 211 action 'accept' set firewall ipv4 name trusted-local rule 211 action 'accept'
set firewall ipv4 name trusted-local rule 211 description 'Rule: accept_discovery_from_sonos_players' set firewall ipv4 name trusted-local rule 211 description 'Rule: accept_discovery_from_sonos_players'
set firewall ipv4 name trusted-local rule 211 destination group port-group sonos-discovery set firewall ipv4 name trusted-local rule 211 destination group port-group sonos-player-discovery
set firewall ipv4 name trusted-local rule 211 protocol 'udp' set firewall ipv4 name trusted-local rule 211 protocol 'udp'
set firewall ipv4 name trusted-local rule 211 source group address-group 'sonos_players' set firewall ipv4 name trusted-local rule 211 source group address-group 'sonos_players'
set firewall ipv4 name trusted-local rule 400 action 'accept' set firewall ipv4 name trusted-local rule 400 action 'accept'
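Review bot: Rule 100 of iot-trusted in the second hunk (the block starting with the `accept_udp_from_sonos_players_to_sonos_controllers` description) has no `action` line, unlike rule 110 directly below it; VyOS normally refuses to commit a rule without an action, and even where it loads, a rule with no action opens nothing, so the UDP path from players to controllers is not actually permitted. Add `set firewall ipv4 name iot-trusted rule 100 action 'accept'`. In the trusted-iot hunk, rules 110 and 111 carry no destination address-group, whereas their mirror rules in iot-trusted are restricted to 'sonos_controllers'; with `default-action 'accept'` on that chain the new rules change nothing today, but as soon as that default is tightened they would admit the controllers to 1400/1443/4444/7000 and 30000-65535 on every IoT host, so consider `set firewall ipv4 name trusted-iot rule 110 destination group address-group 'sonos_players'` and the same for rule 111.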


@ -27,6 +27,19 @@ set firewall group address-group vyos_unifi address '10.5.0.10'
set firewall group network-group k8s_services network '10.45.0.0/16' set firewall group network-group k8s_services network '10.45.0.0/16'
set firewall group address-group sonos_players address '10.1.2.31' set firewall group address-group sonos_players address '10.1.2.31'
# Sonos controllers
set firewall group port-group sonos-controller-api port '1400'
set firewall group port-group sonos-controller-discovery port '1900'
set firewall group address-group sonos_controllers address '10.1.2.21' # jahanson laptop
set firewall group address-group sonos_controllers address '10.1.2.22-10.1.2.23' # Elisia's laptop
set firewall group address-group sonos_controllers address '10.1.2.31-10.1.2.37' # iOS devices
# Sonos players
set firewall group port-group sonos-player-discovery port '1900'
set firewall group address-group sonos_players address '10.1.3.71-10.1.3.75'
# Port groups # Port groups
set firewall group port-group wireguard port '51820' set firewall group port-group wireguard port '51820'
set firewall group port-group sonos-discovery port '1900-1902' set firewall group port-group sonos-discovery port '1900-1902'
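Review bot: The new sonos_controllers range `10.1.2.31-10.1.2.37` (commented as iOS devices) overlaps the pre-existing `sonos_players address '10.1.2.31'` just above the new comment, which this commit leaves in place, so 10.1.2.31 is both a player and a controller and matches the Sonos rules in both directions. Since the players now live at 10.1.3.71-10.1.3.75 in the IoT subnet, the 10.1.2.31 player entry looks stale; if it is, `delete firewall group address-group sonos_players address '10.1.2.31'`. The 10.1.3.71-10.1.3.75 range also spans more addresses than the single Sonos static mapping visible in this commit; unless the DHCP pool excludes that range, any IoT device that obtains one of those leases inherits the player rules, so listing the players individually is safer. The rules moved from sonos-discovery (1900-1902) to sonos-player-discovery now admit only 1900, which is fine if intentional but deserves a short comment next to the new groups.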


@ -142,14 +142,22 @@ set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mappin
# Switchbot plugs # Switchbot plugs
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-1 ip-address '10.1.3.33' set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-1 ip-address '10.1.3.31'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-1 mac-address 'A0:76:4E:21:DE:D0' set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-1 mac-address 'A0:76:4E:21:DE:D0'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-2 ip-address '10.1.3.34' set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-2 ip-address '10.1.3.32'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-2 mac-address '34:85:18:0E:C7:CC' set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-2 mac-address '34:85:18:0E:C7:CC'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-3 ip-address '10.1.3.35' set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-3 ip-address '10.1.3.33'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-3 mac-address '68:B6:B3:B3:EF:6C' set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-3 mac-address '68:B6:B3:B3:EF:6C'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-4 ip-address '10.1.3.36' set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-4 ip-address '10.1.3.34'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-4 mac-address 'A0:76:4E:1F:D7:84' set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-4 mac-address 'A0:76:4E:1F:D7:84'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-5 ip-address '10.1.3.35'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-5 mac-address '34:85:18:10:37:60'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-6 ip-address '10.1.3.36'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-6 mac-address 'A0:76:4E:35:81:38'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-7 ip-address '10.1.3.37'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-7 mac-address '68:b6:b3:b2:5a:30'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-8 ip-address '10.1.3.38'
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-8 mac-address '68:B6:B3:B7:EF:24'
# Sonos # Sonos
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping office-sonos-beam ip-address '10.1.3.71' set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping office-sonos-beam ip-address '10.1.3.71'
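Review bot: The mac-address for switchbot-plug-mini-7 is written in lowercase hex (`'68:b6:b3:b2:5a:30'`) while every other mapping in this block uses uppercase; even if the parser accepts both, mixed case makes the file harder to grep and audit, so normalize it to `mac-address '68:B6:B3:B2:5A:30'`. Renumbering plugs 1-4 from .33-.36 down to .31-.34 also hands the old addresses to the new plugs 3-6, so any address-group or rule elsewhere that still names 10.1.3.33-10.1.3.36 would silently start matching different devices; a quick search for those addresses before commit is worthwhile.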


@ -13,6 +13,16 @@ set service ntp server time.cloudflare.com
set service ssh disable-password-authentication set service ssh disable-password-authentication
set service ssh port '22' set service ssh port '22'
# UDP Broadcast-Relay
set service broadcast-relay id 1 description 'Sonos'
set service broadcast-relay id 1 interface 'eth1.20'
set service broadcast-relay id 1 interface 'eth1.30'
set service broadcast-relay id 1 port '1900'
# mDNS Repeater
set service mdns repeater interface 'eth1.20'
set service mdns repeater interface 'eth1.30'
# TFTP server # TFTP server
set service tftp-server directory '/config/tftpboot' set service tftp-server directory '/config/tftpboot'
set service tftp-server listen-address 10.1.1.1 set service tftp-server listen-address 10.1.1.1
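Review bot: The mdns repeater on eth1.20 and eth1.30 reflects every mDNS service between the two VLANs, not only what Sonos needs, so devices on the IoT VLAN can now enumerate, and be enumerated by, hosts on the other side; if the running VyOS release supports it, restrict the repeater with `set service mdns repeater allow-service '<SERVICE-PLACEHOLDER>'`, or at least extend the `# mDNS Repeater` comment with why unrestricted repeating is acceptable here. The relay entry is labelled 'UDP Broadcast-Relay', but SSDP on port 1900 is sent to the multicast group 239.255.255.250 rather than the subnet broadcast address; confirm that this relay forwards multicast on this platform, otherwise the new Sonos discovery firewall rules may never see traffic. Both services emit packets from the router itself, so the local-iot/local-trusted and iot-local/trusted-local chains must keep mdns and 1900 open, which the firewall part of this commit appears to do.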