Wednesday, 20 November 2013

Avahi Firewall and Service Enabling

This post is part of my ongoing project to create an Avahi configuration package for Pidora Linux. My last post detailed my exploration of Avahi TXT records.

This post focuses on two small topics: Avahi and firewalls, and automatically starting the Avahi service on Pidora Linux.

The first task is simple. Avahi requires UDP port 5353 to send and receive queries. To ensure Avahi runs properly, my configuration package will modify the iptables files and the currently running iptables rules with the following command:

iptables -I INPUT -p udp --dport 5353 -j ACCEPT

I will have to modify this rule and substitute the destination and source addresses to reduce the security risk this opening will cause.
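One way to scope the rule as described above, shown as an added example that is not the package's own code: the source is limited to a LAN subnet and the destination to the IPv4 mDNS multicast group 224.0.0.251. The subnet 192.168.1.0/24 is a constructed sample value and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): scope the mDNS ACCEPT rule.
MDNS_GROUP=224.0.0.251   # IPv4 mDNS multicast group (RFC 6762)
MDNS_PORT=5353

# valid_cidr A.B.C.D/N -> status 0 for a well-formed IPv4 CIDR, prefix 1..32.
valid_cidr() {
    case "$1" in
        */*/* | *[!0-9./]*) return 1 ;;   # one slash only, digits and dots only
        */*) ;;
        *) return 1 ;;                    # prefix length is mandatory
    esac
    _ip=${1%/*}; _len=${1#*/}
    case "$_len" in '' | ???* | *.*) return 1 ;; esac
    [ "$_len" -ge 1 ] && [ "$_len" -le 32 ] || return 1   # /0 would match any source
    _count=0; _bad=0
    _oldifs=$IFS; IFS=.
    for _octet in $_ip; do                # split the address on dots
        _count=$((_count + 1))
        case "$_octet" in '' | ????*) _bad=1 ;; esac
        if [ "$_bad" -eq 0 ] && [ "$_octet" -gt 255 ]; then _bad=1; fi
    done
    IFS=$_oldifs
    [ "$_bad" -eq 0 ] && [ "$_count" -eq 4 ]
}

# Print the iptables rule specification for a given source subnet.
mdns_rule_spec() {
    valid_cidr "$1" || { echo "invalid source CIDR: $1" >&2; return 1; }
    echo "INPUT -p udp -s $1 -d $MDNS_GROUP --dport $MDNS_PORT -j ACCEPT"
}

# Insert the rule only if it is not already present (needs root).
apply_mdns_rule() {
    _spec=$(mdns_rule_spec "$1") || return 1
    # $_spec is left unquoted on purpose so it splits into iptables arguments.
    iptables -C $_spec 2>/dev/null || iptables -I $_spec
}

# Constructed sample subnet: prints the rule, does not touch the firewall.
mdns_rule_spec 192.168.1.0/24
```

Calling `apply_mdns_rule 192.168.1.0/24` as root inserts the rule once; repeated runs leave the chain unchanged because of the `-C` check.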

The next portion of Avahi which I should configure is automatic startup. On Pidora Linux, Avahi does not start on boot. In fact, it can't even be easily enabled as a service. Its symbolic link in /etc/systemd/system points to /dev/null, which puts it into a "masked" state.

I think my package will delete these links, recreate proper links and start the Avahi service. This will be done with the following commands:

rm -rf /etc/systemd/system/avahi-daemon.s*
systemctl enable avahi-daemon.service
systemctl start avahi-daemon.service

