Prevent DLNA and AIRPLAY Broadcasting on WLAN1
#1
Hi,

Is there a way I can stop XBMC from broadcasting its services over wlan1?

I only want these services broadcast on eth0.

I have tried a whole bunch of firewall settings to no avail :(

Any help gratefully received. Below is the iptables output; as you can see, I seem to be missing the correct ports (only port 1900 registers packets being dropped).

This is despite doing a fair bit of searching for which ports need to be dropped.

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- wlan1 any anywhere anywhere tcp spt:http
0 0 ACCEPT udp -- wlan1 any anywhere anywhere udp spt:domain
0 0 ACCEPT tcp -- wlan1 any anywhere anywhere tcp dpt:ssh
9 756 ACCEPT icmp -- any any anywhere anywhere
453 87552 ACCEPT all -- eth0 any anywhere anywhere
83 19768 DROP all -- any any anywhere anywhere

Chain FORWARD (policy ACCEPT 30 packets, 9758 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- wlan1 any anywhere anywhere udp dpt:5289
0 0 DROP udp -- wlan1 any anywhere anywhere udp dpt:9090
0 0 DROP udp -- wlan1 any anywhere anywhere udp dpt:http-alt
0 0 DROP tcp -- wlan1 any anywhere anywhere tcp dpt:9090
0 0 DROP tcp -- wlan1 any anywhere anywhere tcp dpt:http-alt
0 0 DROP tcp -- wlan1 any anywhere anywhere tcp dpt:2869
0 0 DROP tcp -- wlan1 any anywhere anywhere tcp dpt:8895
0 0 DROP udp -- wlan1 any anywhere anywhere udp dpt:xmpp-client
0 0 DROP udp -- wlan1 any anywhere anywhere udp dpt:mdns

Chain OUTPUT (policy ACCEPT 23 packets, 2572 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- any wlan1 anywhere anywhere udp dpt:9090
0 0 DROP udp -- any wlan1 anywhere anywhere udp dpt:http-alt
0 0 DROP tcp -- any wlan1 anywhere anywhere tcp dpt:9090
0 0 DROP tcp -- any wlan1 anywhere anywhere tcp dpt:http-alt
0 0 DROP tcp -- any wlan1 anywhere anywhere tcp dpt:2869
0 0 DROP tcp -- any wlan1 anywhere anywhere tcp dpt:8895
12 4186 DROP udp -- any wlan1 anywhere anywhere udp dpt:1900
0 0 DROP udp -- any wlan1 anywhere anywhere udp dpt:5289
0 0 DROP udp -- any wlan1 anywhere anywhere udp dpt:xmpp-client
0 0 DROP udp -- any wlan1 anywhere anywhere udp dpt:mdns
Reply
#2
So interestingly (and I don't know why), blocking every port known to man does not stop Bonjour... however, disabling multicast on the interface does.

Success.

Hopefully I have saved someone else the three days of life lost! ;)
Reply
#3
Bonjour is a zeroconf implementation which uses multicast DNS (mDNS). It has a specific reserved multicast address for both IPv4 and IPv6 so you only would need to block those specific multicast addresses on the wlan to stop it from broadcasting. The two reserved addresses are:
- addresses 224.0.0.251 (IPv4) and FF02::FB (IPv6)
In addition to this, incoming communication is done towards a listening port on every interface. You could block incoming messages to this.
- port 5353 UDP.

It also uses DNS service discovery (DNS-SD) which is similar to how Active Directory discovery works. But that is hardly interesting in this case ;)

See:
http://files.multicastdns.org/draft-ches...astdns.txt
http://files.dns-sd.org/draft-cheshire-d...dns-sd.txt
Reply
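The blocking described in post #3, as an added example that is not part of any post in this thread: it builds iptables/ip6tables rules for the two mDNS multicast addresses and UDP port 5353 on a single interface. The function names and the APPLY switch are assumptions of this example; the rules go into INPUT and OUTPUT because packets sent or received by the XBMC host itself never traverse FORWARD.

```sh
#!/bin/sh
# Added example: block mDNS (Bonjour) on one interface only.
# Values below are the ones given in post #3.
MDNS_V4="224.0.0.251"
MDNS_V6="ff02::fb"
MDNS_PORT=5353

# Emit one rule per line as "<tool> <chain> <rule specification>".
mdns_rules() {
    ifc="$1"
    # Announcements and queries generated locally leave through OUTPUT.
    echo "iptables OUTPUT -o $ifc -d $MDNS_V4 -p udp --dport $MDNS_PORT -j DROP"
    echo "ip6tables OUTPUT -o $ifc -d $MDNS_V6 -p udp --dport $MDNS_PORT -j DROP"
    # Queries and responses arriving on the interface hit INPUT.
    echo "iptables INPUT -i $ifc -p udp --dport $MDNS_PORT -j DROP"
    echo "ip6tables INPUT -i $ifc -p udp --dport $MDNS_PORT -j DROP"
}

# Turn each rule into an idempotent command: -C checks whether the rule
# already exists, -I ... 1 inserts it at the top so that no earlier
# ACCEPT rule in the chain can shadow it.
mdns_commands() {
    mdns_rules "$1" | while read -r tool chain spec; do
        echo "$tool -C $chain $spec 2>/dev/null || $tool -I $chain 1 $spec"
    done
}

# Dry run by default (prints the commands); APPLY=1 executes them (root).
block_mdns() {
    ifc="${1:?interface name required}"
    if [ "${APPLY:-0}" = "1" ]; then
        mdns_commands "$ifc" | sh
    else
        mdns_commands "$ifc"
    fi
}

# Stand-alone use: ./block-mdns.sh wlan1
if [ "$#" -gt 0 ]; then
    block_mdns "$@"
fi
```

After applying, `iptables -L OUTPUT -v -n` should show the packet counter on the 224.0.0.251 rule increasing, the same way the dpt:1900 rule does in the first post.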
#4
Thanks, that explains things a lot :)
Reply
