2023-05-21 Fred Gleason <fredg@paravelsystems.com>

* Added a 'rivendell' service for firewalld(1). Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-10-17 08:01:13 +02:00 · 2023-05-21 09:42:30 -04:00
parent 7994f72c5b
commit b9c2c8a9b6
6 changed files with 74 additions and 1 deletions
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -1,6 +1,6 @@
 ## Makefile.am
 ##
-## (C) Copyright 2002-2022 Fred Gleason <fredg@paravelsystems.com>
+## (C) Copyright 2002-2023 Fred Gleason <fredg@paravelsystems.com>
 ##
 ##   This program is free software; you can redistribute it and/or modify
 ##   it under the terms of the GNU General Public License version 2 as
@@ -23,18 +23,25 @@ install-exec-am:
 	cp rd-bin.conf $(DESTDIR)/$(sysconfdir)/
 	mkdir -p $(DESTDIR)/etc/pam.d
 	cp @RIVENDELL_PAM_FILE@ $(DESTDIR)/etc/pam.d/rivendell
+	mkdir -p $(DESTDIR)/usr/lib/firewalld/services
+	cp rivendell-firewalld.xml $(DESTDIR)/usr/lib/firewalld/services/rivendell.xml
+	./firewalld.sh reload

 uninstall:	
 	rm -f $(DESTDIR)/$(sysconfdir)/rd-bin.conf
 	rm -f $(DESTDIR)/etc/pam.d/rivendell
+	rm -f $(DESTDIR)/usr/lib/firewalld/services/rivendell.xml
+	./firewalld.sh reload

 EXTRA_DIST = asound.conf-sample\
+             firewalld.sh\
             logrotate-sample\
             rd-bin.conf.in\
             rd.conf-sample\
             rivendell-rhel.pam\
             rivendell-ubuntu.pam\
             rivendell-env.sh\
+             rivendell-firewalld.xml\
             rivendell-webapi.conf\
             syslog.conf-sample

--- a/conf/firewalld.sh
+++ b/conf/firewalld.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# firewalld.sh
+#
+#  Control firewalld
+#
+# (C) Copyright 2023 Fred Gleason <fredg@paravelsystems.com>
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License version 2 as
+#   published by the Free Software Foundation.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free Software
+#   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
+OPERATION=$1
+
+if test $UID -eq 0 ; then
+    if test -z $FAKEROOTKEY ; then
+	if test $OPERATION = "reload" ; then
+	    /bin/systemctl reload firewalld
+	fi
+	if test $OPERATION = "add" ; then
+	    /bin/firewall-cmd --zone=public --add-service=rivendell --permanent
+	    /bin/firewall-cmd --zone=work --add-service=rivendell --permanent
+	    /bin/firewall-cmd --zone=home --add-service=rivendell --permanent
+	fi
+	if test $OPERATION = "remove" ; then
+	    /bin/firewall-cmd --zone=public --remove-service=rivendell --permanent
+	    /bin/firewall-cmd --zone=work --remove-service=rivendell --permanent
+	    /bin/firewall-cmd --zone=home --remove-service=rivendell --permanent
+	fi
+    fi
+fi
--- a/conf/rd.conf-sample
+++ b/conf/rd.conf-sample
@@ -199,6 +199,11 @@ TranscodingDelay=0
 ; meters. You should only change this if you have another service
 ; using UDP Port numbers in the range MeterPortBaseNumber to
 ; (MeterPortBaseNumber + MeterPortRange) (extremely rare).
+;
+; N.B. If you change either of these meter port settings, be sure to update
+;      the firewalld(8) settings in '/usr/lib/firewalld/services/rivendell.xml'
+;      as well.
+;
 ; MeterPortBaseNumber=30000

 ; Maximum number of UDP Ports to consider for VU meters. You may need
--- a/conf/rivendell-firewalld.xml
+++ b/conf/rivendell-firewalld.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>Rivendell Radio Automation System</short>
+  <description>System for automating the capture, management and play-out of audio content.</description>
+  <port protocol="udp" port="2055"/>        <!-- Livewire GPIO Send -->
+  <port protocol="udp" port="2060"/>        <!-- Livewire GPIO Receive -->
+  <port protocol="udp" port="4001"/>        <!-- Livewire Adverts -->
+  <port protocol="tcp" port="5005"/>        <!-- IPC [caed(8)] -->
+  <port protocol="tcp" port="5006"/>        <!-- IPC [ripcd(8)] -->
+  <port protocol="udp" port="5858-5860"/>   <!-- RML [ripcd(8)] -->
+  <port protocol="udp" port="20539"/>       <!-- Mcast Notify [ripcd(8)] -->
+  <port protocol="udp" port="30000-30100"/> <!-- Meters [caed(8)] -->
+  <port protocol="tcp" port="34289"/>       <!-- PAD [ripcd(8)] -->
+</service>