mDNS and sonos.
This commit is contained in:
parent
f3d4c9cdaf
commit
dbd2fa36a9
4 changed files with 73 additions and 6 deletions
|
@ -38,6 +38,11 @@ set firewall ipv4 name iot-local rule 200 description 'Rule: accept_discovery_fr
|
||||||
set firewall ipv4 name iot-local rule 200 destination group port-group sonos-discovery
|
set firewall ipv4 name iot-local rule 200 destination group port-group sonos-discovery
|
||||||
set firewall ipv4 name iot-local rule 200 protocol 'udp'
|
set firewall ipv4 name iot-local rule 200 protocol 'udp'
|
||||||
set firewall ipv4 name iot-local rule 200 source group address-group 'sonos_players'
|
set firewall ipv4 name iot-local rule 200 source group address-group 'sonos_players'
|
||||||
|
set firewall ipv4 name iot-local rule 220 action 'accept'
|
||||||
|
set firewall ipv4 name iot-local rule 220 description 'Rule: accept_api_from_sonos_controllers'
|
||||||
|
set firewall ipv4 name iot-local rule 220 destination group port-group sonos-controller-api
|
||||||
|
set firewall ipv4 name iot-local rule 220 protocol 'tcp'
|
||||||
|
set firewall ipv4 name iot-local rule 220 source group address-group 'sonos_controllers'
|
||||||
set firewall ipv4 name iot-local rule 999 action 'drop'
|
set firewall ipv4 name iot-local rule 999 action 'drop'
|
||||||
set firewall ipv4 name iot-local rule 999 description 'Rule: drop_invalid'
|
set firewall ipv4 name iot-local rule 999 description 'Rule: drop_invalid'
|
||||||
set firewall ipv4 name iot-local rule 999 state invalid
|
set firewall ipv4 name iot-local rule 999 state invalid
|
||||||
|
@ -74,6 +79,17 @@ set firewall ipv4 name iot-containers rule 999 log
|
||||||
set firewall ipv4 name iot-trusted default-action 'drop'
|
set firewall ipv4 name iot-trusted default-action 'drop'
|
||||||
set firewall ipv4 name iot-trusted description 'From IOT to TRUSTED'
|
set firewall ipv4 name iot-trusted description 'From IOT to TRUSTED'
|
||||||
set firewall ipv4 name iot-trusted default-log
|
set firewall ipv4 name iot-trusted default-log
|
||||||
|
set firewall ipv4 name iot-trusted rule 100 description 'Rule: accept_udp_from_sonos_players_to_sonos_controllers'
|
||||||
|
set firewall ipv4 name iot-trusted rule 100 destination group address-group 'sonos_controllers'
|
||||||
|
set firewall ipv4 name iot-trusted rule 100 destination port '319,320,30000-65535'
|
||||||
|
set firewall ipv4 name iot-trusted rule 100 protocol 'udp'
|
||||||
|
set firewall ipv4 name iot-trusted rule 100 source group address-group 'sonos_players'
|
||||||
|
set firewall ipv4 name iot-trusted rule 110 action 'accept'
|
||||||
|
set firewall ipv4 name iot-trusted rule 110 description 'Rule: accept_tcp_from_sonos_players_to_sonos_controllers'
|
||||||
|
set firewall ipv4 name iot-trusted rule 110 destination group address-group 'sonos_controllers'
|
||||||
|
set firewall ipv4 name iot-trusted rule 110 destination port '1400,3400,3401,3500,30000-65535'
|
||||||
|
set firewall ipv4 name iot-trusted rule 110 protocol 'tcp'
|
||||||
|
set firewall ipv4 name iot-trusted rule 110 source group address-group 'sonos_players'
|
||||||
set firewall ipv4 name iot-trusted rule 999 action 'drop'
|
set firewall ipv4 name iot-trusted rule 999 action 'drop'
|
||||||
set firewall ipv4 name iot-trusted rule 999 description 'Rule: drop_invalid'
|
set firewall ipv4 name iot-trusted rule 999 description 'Rule: drop_invalid'
|
||||||
set firewall ipv4 name iot-trusted rule 999 state invalid
|
set firewall ipv4 name iot-trusted rule 999 state invalid
|
||||||
|
@ -190,6 +206,11 @@ set firewall ipv4 name local-iot rule 110 description 'Rule: accept_mdns'
|
||||||
set firewall ipv4 name local-iot rule 110 destination port 'mdns'
|
set firewall ipv4 name local-iot rule 110 destination port 'mdns'
|
||||||
set firewall ipv4 name local-iot rule 110 protocol 'udp'
|
set firewall ipv4 name local-iot rule 110 protocol 'udp'
|
||||||
set firewall ipv4 name local-iot rule 110 source port 'mdns'
|
set firewall ipv4 name local-iot rule 110 source port 'mdns'
|
||||||
|
set firewall ipv4 name local-iot rule 200 action 'accept'
|
||||||
|
set firewall ipv4 name local-iot rule 200 description 'Rule: accept_discovery_from_sonos_controllers'
|
||||||
|
set firewall ipv4 name local-iot rule 200 destination group port-group sonos-controller-discovery
|
||||||
|
set firewall ipv4 name local-iot rule 200 protocol 'udp'
|
||||||
|
set firewall ipv4 name local-iot rule 200 source group address-group 'sonos_controllers'
|
||||||
set firewall ipv4 name local-iot rule 999 action 'drop'
|
set firewall ipv4 name local-iot rule 999 action 'drop'
|
||||||
set firewall ipv4 name local-iot rule 999 description 'Rule: drop_invalid'
|
set firewall ipv4 name local-iot rule 999 description 'Rule: drop_invalid'
|
||||||
set firewall ipv4 name local-iot rule 999 state invalid
|
set firewall ipv4 name local-iot rule 999 state invalid
|
||||||
|
@ -256,7 +277,7 @@ set firewall ipv4 name local-trusted rule 110 protocol 'udp'
|
||||||
set firewall ipv4 name local-trusted rule 110 source port 'mdns'
|
set firewall ipv4 name local-trusted rule 110 source port 'mdns'
|
||||||
set firewall ipv4 name local-trusted rule 200 action 'accept'
|
set firewall ipv4 name local-trusted rule 200 action 'accept'
|
||||||
set firewall ipv4 name local-trusted rule 200 description 'Rule: accept_discovery_from_sonos_players'
|
set firewall ipv4 name local-trusted rule 200 description 'Rule: accept_discovery_from_sonos_players'
|
||||||
set firewall ipv4 name local-trusted rule 200 destination group port-group sonos-discovery
|
set firewall ipv4 name local-trusted rule 200 destination group port-group sonos-player-discovery
|
||||||
set firewall ipv4 name local-trusted rule 200 protocol 'udp'
|
set firewall ipv4 name local-trusted rule 200 protocol 'udp'
|
||||||
set firewall ipv4 name local-trusted rule 200 source group address-group 'sonos_players'
|
set firewall ipv4 name local-trusted rule 200 source group address-group 'sonos_players'
|
||||||
set firewall ipv4 name local-trusted rule 400 action 'accept'
|
set firewall ipv4 name local-trusted rule 400 action 'accept'
|
||||||
|
@ -472,6 +493,16 @@ set firewall ipv4 name containers-wan description 'From CONTAINERS to WAN'
|
||||||
# From TRUSTED to IOT
|
# From TRUSTED to IOT
|
||||||
set firewall ipv4 name trusted-iot default-action 'accept'
|
set firewall ipv4 name trusted-iot default-action 'accept'
|
||||||
set firewall ipv4 name trusted-iot description 'From TRUSTED to IOT'
|
set firewall ipv4 name trusted-iot description 'From TRUSTED to IOT'
|
||||||
|
set firewall ipv4 name trusted-iot rule 110 action 'accept'
|
||||||
|
set firewall ipv4 name trusted-iot rule 110 description 'Rule: accept_tcp_from_sonos_controllers_to_sonos_players'
|
||||||
|
set firewall ipv4 name trusted-iot rule 110 destination port '1400,1443,4444,7000,30000-65535'
|
||||||
|
set firewall ipv4 name trusted-iot rule 110 protocol 'tcp'
|
||||||
|
set firewall ipv4 name trusted-iot rule 110 source group address-group 'sonos_controllers'
|
||||||
|
set firewall ipv4 name trusted-iot rule 111 action 'accept'
|
||||||
|
set firewall ipv4 name trusted-iot rule 111 description 'Rule: accept_udp_from_sonos_controllers_to_sonos_players'
|
||||||
|
set firewall ipv4 name trusted-iot rule 111 destination port '319,320,30000-65535'
|
||||||
|
set firewall ipv4 name trusted-iot rule 111 protocol 'udp'
|
||||||
|
set firewall ipv4 name trusted-iot rule 111 source group address-group 'sonos_controllers'
|
||||||
set firewall ipv4 name trusted-iot rule 999 action 'drop'
|
set firewall ipv4 name trusted-iot rule 999 action 'drop'
|
||||||
set firewall ipv4 name trusted-iot rule 999 description 'Rule: drop_invalid'
|
set firewall ipv4 name trusted-iot rule 999 description 'Rule: drop_invalid'
|
||||||
set firewall ipv4 name trusted-iot rule 999 state invalid
|
set firewall ipv4 name trusted-iot rule 999 state invalid
|
||||||
|
@ -510,9 +541,14 @@ set firewall ipv4 name trusted-local rule 120 action 'accept'
|
||||||
set firewall ipv4 name trusted-local rule 120 description 'Rule: accept_dns'
|
set firewall ipv4 name trusted-local rule 120 description 'Rule: accept_dns'
|
||||||
set firewall ipv4 name trusted-local rule 120 destination port 'domain,domain-s'
|
set firewall ipv4 name trusted-local rule 120 destination port 'domain,domain-s'
|
||||||
set firewall ipv4 name trusted-local rule 120 protocol 'tcp_udp'
|
set firewall ipv4 name trusted-local rule 120 protocol 'tcp_udp'
|
||||||
|
set firewall ipv4 name trusted-local rule 210 action 'accept'
|
||||||
|
set firewall ipv4 name trusted-local rule 210 description 'Rule: accept_discovery_from_sonos_controllers'
|
||||||
|
set firewall ipv4 name trusted-local rule 210 destination group port-group sonos-controller-discovery
|
||||||
|
set firewall ipv4 name trusted-local rule 210 protocol 'udp'
|
||||||
|
set firewall ipv4 name trusted-local rule 210 source group address-group 'sonos_controllers'
|
||||||
set firewall ipv4 name trusted-local rule 211 action 'accept'
|
set firewall ipv4 name trusted-local rule 211 action 'accept'
|
||||||
set firewall ipv4 name trusted-local rule 211 description 'Rule: accept_discovery_from_sonos_players'
|
set firewall ipv4 name trusted-local rule 211 description 'Rule: accept_discovery_from_sonos_players'
|
||||||
set firewall ipv4 name trusted-local rule 211 destination group port-group sonos-discovery
|
set firewall ipv4 name trusted-local rule 211 destination group port-group sonos-player-discovery
|
||||||
set firewall ipv4 name trusted-local rule 211 protocol 'udp'
|
set firewall ipv4 name trusted-local rule 211 protocol 'udp'
|
||||||
set firewall ipv4 name trusted-local rule 211 source group address-group 'sonos_players'
|
set firewall ipv4 name trusted-local rule 211 source group address-group 'sonos_players'
|
||||||
set firewall ipv4 name trusted-local rule 400 action 'accept'
|
set firewall ipv4 name trusted-local rule 400 action 'accept'
|
||||||
|
|
|
@ -27,6 +27,19 @@ set firewall group address-group vyos_unifi address '10.5.0.10'
|
||||||
set firewall group network-group k8s_services network '10.45.0.0/16'
|
set firewall group network-group k8s_services network '10.45.0.0/16'
|
||||||
set firewall group address-group sonos_players address '10.1.2.31'
|
set firewall group address-group sonos_players address '10.1.2.31'
|
||||||
|
|
||||||
|
# Sonos controllers
|
||||||
|
set firewall group port-group sonos-controller-api port '1400'
|
||||||
|
set firewall group port-group sonos-controller-discovery port '1900'
|
||||||
|
|
||||||
|
set firewall group address-group sonos_controllers address '10.1.2.21' # jahanson laptop
|
||||||
|
set firewall group address-group sonos_controllers address '10.1.2.22-10.1.2.23' # Elisia's laptop
|
||||||
|
set firewall group address-group sonos_controllers address '10.1.2.31-10.1.2.37' # iOS devices
|
||||||
|
|
||||||
|
# Sonos players
|
||||||
|
set firewall group port-group sonos-player-discovery port '1900'
|
||||||
|
|
||||||
|
set firewall group address-group sonos_players address '10.1.3.71-10.1.3.75'
|
||||||
|
|
||||||
# Port groups
|
# Port groups
|
||||||
set firewall group port-group wireguard port '51820'
|
set firewall group port-group wireguard port '51820'
|
||||||
set firewall group port-group sonos-discovery port '1900-1902'
|
set firewall group port-group sonos-discovery port '1900-1902'
|
||||||
|
|
|
@ -142,14 +142,22 @@ set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mappin
|
||||||
|
|
||||||
|
|
||||||
# Switchbot plugs
|
# Switchbot plugs
|
||||||
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-1 ip-address '10.1.3.33'
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-1 ip-address '10.1.3.31'
|
||||||
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-1 mac-address 'A0:76:4E:21:DE:D0'
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-1 mac-address 'A0:76:4E:21:DE:D0'
|
||||||
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-2 ip-address '10.1.3.34'
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-2 ip-address '10.1.3.32'
|
||||||
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-2 mac-address '34:85:18:0E:C7:CC'
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-2 mac-address '34:85:18:0E:C7:CC'
|
||||||
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-3 ip-address '10.1.3.35'
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-3 ip-address '10.1.3.33'
|
||||||
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-3 mac-address '68:B6:B3:B3:EF:6C'
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-3 mac-address '68:B6:B3:B3:EF:6C'
|
||||||
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-4 ip-address '10.1.3.36'
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-4 ip-address '10.1.3.34'
|
||||||
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-4 mac-address 'A0:76:4E:1F:D7:84'
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-4 mac-address 'A0:76:4E:1F:D7:84'
|
||||||
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-5 ip-address '10.1.3.35'
|
||||||
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-5 mac-address '34:85:18:10:37:60'
|
||||||
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-6 ip-address '10.1.3.36'
|
||||||
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-6 mac-address 'A0:76:4E:35:81:38'
|
||||||
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-7 ip-address '10.1.3.37'
|
||||||
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-7 mac-address '68:b6:b3:b2:5a:30'
|
||||||
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-8 ip-address '10.1.3.38'
|
||||||
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping switchbot-plug-mini-8 mac-address '68:B6:B3:B7:EF:24'
|
||||||
|
|
||||||
# Sonos
|
# Sonos
|
||||||
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping office-sonos-beam ip-address '10.1.3.71'
|
set service dhcp-server shared-network-name IOT subnet 10.1.3.0/24 static-mapping office-sonos-beam ip-address '10.1.3.71'
|
||||||
|
|
|
@ -13,6 +13,16 @@ set service ntp server time.cloudflare.com
|
||||||
set service ssh disable-password-authentication
|
set service ssh disable-password-authentication
|
||||||
set service ssh port '22'
|
set service ssh port '22'
|
||||||
|
|
||||||
|
# UDP Broadcast-Relay
|
||||||
|
set service broadcast-relay id 1 description 'Sonos'
|
||||||
|
set service broadcast-relay id 1 interface 'eth1.20'
|
||||||
|
set service broadcast-relay id 1 interface 'eth1.30'
|
||||||
|
set service broadcast-relay id 1 port '1900'
|
||||||
|
|
||||||
|
# mDNS Repeater
|
||||||
|
set service mdns repeater interface 'eth1.20'
|
||||||
|
set service mdns repeater interface 'eth1.30'
|
||||||
|
|
||||||
# TFTP server
|
# TFTP server
|
||||||
set service tftp-server directory '/config/tftpboot'
|
set service tftp-server directory '/config/tftpboot'
|
||||||
set service tftp-server listen-address 10.1.1.1
|
set service tftp-server listen-address 10.1.1.1
|
Reference in a new issue