minidlna: Fix incorrect marking for firewall local protection

MiniDLNA's TCP service has been incorrectly marked as needing to be protected from local users. This leads to service not being accessible from local network. Fix this by removing local protection. As reported on https://discuss.freedombox.org/t/minidlna-on-22-26/2386 Tests: - With MiniDLNA installed, apply the changes and restart service. 'nft list ruleset ip', 'nft list ruleset ip6' and 'cat /etc/firewalld/direct.xml' confirm that port 8200 is no longer protected as a local service. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-01-21 07:55:00 +00:00 · 2022-12-14 17:04:54 -08:00 · 2022-12-14 17:04:54 -08:00 · 740609c339
commit 740609c339
parent 7e0b728498
1 changed files with 11 additions and 7 deletions
--- a/plinth/modules/minidlna/init.py
+++ b/plinth/modules/minidlna/init.py
@ -7,10 +7,10 @@ from django.utils.translation import gettext_lazy as _
 from plinth import app as app_module
 from plinth import frontpage, menu
 from plinth.daemon import Daemon
+from plinth.modules import firewall
 from plinth.modules.apache.components import Webserver
 from plinth.modules.backups.components import BackupRestore
-from plinth.modules.firewall.components import (Firewall,
-                                                FirewallLocalProtection)
+from plinth.modules.firewall.components import Firewall
 from plinth.modules.users.components import UsersAndGroups
 from plinth.package import Packages, install
 from plinth.utils import Version
@ -34,7 +34,7 @@ class MiniDLNAApp(app_module.App):

    app_id = 'minidlna'

-    _version = 3
+    _version = 4

    def __init__(self):
        """Initialize the app components."""
@ -75,10 +75,6 @@ class MiniDLNAApp(app_module.App):
                            is_external=False)
        self.add(firewall)

-        firewall_local_protection = FirewallLocalProtection(
-            'firewall-local-protection-minidlna', ['8200'])
-        self.add(firewall_local_protection)
-
        webserver = Webserver('webserver-minidlna', 'minidlna-freedombox',
                              urls=['https://{host}/_minidlna/'])
        self.add(webserver)
@ -98,6 +94,14 @@ class MiniDLNAApp(app_module.App):
        """Install and configure the app."""
        super().setup(old_version)
        privileged.setup()
+        if old_version == 3:
+            # Version 3 of the app incorrectly declared port 8200 for firewall
+            # local protection.
+            firewall.remove_passthrough('ipv6', '-A', 'INPUT', '-p', 'tcp',
+                                        '--dport', '8200', '-j', 'REJECT')
+            firewall.remove_passthrough('ipv4', '-A', 'INPUT', '-p', 'tcp',
+                                        '--dport', '8200', '-j', 'REJECT')
+
        if not old_version:
            self.enable()