drsky 0 Posted October 22, 2019 Share Posted October 22, 2019 hello, why when i use my iptables script it blocks emby? i have however opened ports associated with emby. #! /bin/sh ### BEGIN INIT INFO # Provides: PersonalFirewall # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Personal Firewall # Description: Init the firewall rules ### END INIT INFO # programme iptables IPV4 et IPV6 IPT=/sbin/iptables IP6T=/sbin/ip6tables # Les IPs #IP_TRUSTED=xx.xx.xx.xx do_start() { # Efface toutes les regles en cours. -F toutes. -X utilisateurs $IPT -t filter -F $IPT -t filter -X $IPT -t nat -F $IPT -t nat -X $IPT -t mangle -F $IPT -t mangle -X $IP6T -t filter -F $IP6T -t filter -X $IP6T -t mangle -F $IP6T -t mangle -X # strategie (-P) par defaut : bloc tout l'entrant le forward et autorise le sortant $IPT -t filter -P INPUT DROP $IPT -t filter -P FORWARD DROP $IPT -t filter -P OUTPUT ACCEPT $IP6T -t filter -P INPUT DROP $IP6T -t filter -P FORWARD DROP $IP6T -t filter -P OUTPUT ACCEPT # Loopback $IPT -t filter -A INPUT -i lo -j ACCEPT $IPT -t filter -A OUTPUT -o lo -j ACCEPT $IP6T -t filter -A INPUT -i lo -j ACCEPT $IP6T -t filter -A OUTPUT -o lo -j ACCEPT # Permettre a une connexion ouverte de recevoir du trafic en entree $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $IP6T -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # ICMP $IPT -t filter -A INPUT -p icmp -j ACCEPT # DNS:53 $IPT -t filter -A INPUT -p tcp --dport 53 -j ACCEPT $IPT -t filter -A INPUT -p udp --dport 53 -j ACCEPT $IP6T -t filter -A INPUT -p tcp --dport 53 -j ACCEPT $IP6T -t filter -A INPUT -p udp --dport 53 -j ACCEPT # SSH:22 # ATTENTION, indiques bien ton port personnalisé si tu l'as changé $IPT -t filter -A INPUT -p tcp --dport 22 -j ACCEPT $IP6T -t filter -A INPUT -p tcp --dport 22 -j ACCEPT # HTTP:80 $IPT -t filter -A INPUT -p tcp --dport 80 -j ACCEPT $IP6T -t filter -A INPUT -p tcp --dport 80 -j ACCEPT # HTTPS:443 $IPT -t filter -A INPUT -p tcp --dport 443 -j ACCEPT $IP6T -t filter -A INPUT -p tcp --dport 443 -j ACCEPT # SMPT:25/587/465 $IPT -t filter -A INPUT -p tcp --dport 25 -j ACCEPT $IP6T -t filter -A INPUT -p tcp --dport 25 -j ACCEPT $IPT -t filter -A INPUT -p tcp --dport 587 -j ACCEPT $IP6T -t filter -A INPUT -p tcp --dport 587 -j ACCEPT # $IPT -t filter -A INPUT -p tcp --dport 465 -j ACCEPT # $IP6T -t filter -A INPUT -p tcp --dport 465 -j ACCEPT # POP3:110/995 # $IPT -t filter -A INPUT -p tcp --dport 110 -j ACCEPT # $IP6T -t filter -A INPUT -p tcp --dport 110 -j ACCEPT # $IPT -t filter -A INPUT -p tcp --dport 995 -j ACCEPT # $IP6T -t filter -A INPUT -p tcp --dport 995 -j ACCEPT # IMAP / SIEVE : 143/993/4190 # $IPT -t filter -A INPUT -p tcp --dport 143 -j ACCEPT # $IP6T -t filter -A INPUT -p tcp --dport 143 -j ACCEPT $IPT -t filter -A INPUT -p tcp --dport 993 -j ACCEPT $IP6T -t filter -A INPUT -p tcp --dport 993 -j ACCEPT $IPT -t filter -A INPUT -p tcp --dport 4190 -j ACCEPT $IP6T -t filter -A INPUT -p tcp --dport 4190 -j ACCEPT # accepte tout d'une ip en TCP # $IPT -t filter -A INPUT -p tcp -s $IP_TRUSTED -j ACCEPT # emby server $IPT -A INPUT -p tcp -m multiport --dports 8096,8920 -j ACCEPT echo "firewall started [OK]" } # fonction qui arrete le firewall do_stop() { # Efface toutes les regles $IPT -t filter -F $IPT -t filter -X $IPT -t nat -F $IPT -t nat -X $IPT -t mangle -F $IPT -t mangle -X $IP6T -t filter -F $IP6T -t filter -X $IP6T -t mangle -F $IP6T -t mangle -X # remet la strategie $IPT -t filter -P INPUT ACCEPT $IPT -t filter -P OUTPUT ACCEPT $IPT -t filter -P FORWARD ACCEPT $IP6T -t filter -P INPUT ACCEPT $IP6T -t filter -P OUTPUT ACCEPT $IP6T -t filter -P FORWARD ACCEPT # echo "firewall stopped [OK]" } # fonction status firewall do_status() { # affiche les regles en cours clear echo Status IPV4 echo ----------------------------------------------- $IPT -L -n -v echo echo ----------------------------------------------- echo echo status IPV6 echo ----------------------------------------------- $IP6T -L -n -v echo } case "$1" in start) do_start exit 0 ;; stop) do_stop exit 0 ;; restart) do_stop do_start exit 0 ;; status) do_status exit 0 ;; *) echo "Usage: /etc/init.d/firewall {start|stop|restart|status}" exit 1 ;; esac if anyone has an idea thank you in advance. Link to comment Share on other sites More sharing options...
Luke 37058 Posted October 22, 2019 Share Posted October 22, 2019 @@pir8radio may have some tips. Link to comment Share on other sites More sharing options...
riothamus 51 Posted October 22, 2019 Share Posted October 22, 2019 You didn't specify your 'filter' table in your line for Emby. You did so in your other lines, however. So: $IPT -t filter -A INPUT -p tcp -m multiport --dports 8096,8920 -j ACCEPT Link to comment Share on other sites More sharing options...
drsky 0 Posted October 23, 2019 Author Share Posted October 23, 2019 so obvious ... it works thank you. I have another problem, I have to recreate a post? in case : I can not add my key emby premiere. when my key is returned I'm told that it's good but when I want to convert a movie they tell me to subscribe. i add capture. Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted October 23, 2019 Share Posted October 23, 2019 you've likely blocked the outbound request to emby's key validation server. Link to comment Share on other sites More sharing options...
drsky 0 Posted October 23, 2019 Author Share Posted October 23, 2019 yet even with disabled iptables impossible to enter my key Link to comment Share on other sites More sharing options...
Happy2Play 8281 Posted October 23, 2019 Share Posted October 23, 2019 Does the Dashboard show the Emby Premiere badge? Is there a Status section on Dashboard-Emby Premiere? Link to comment Share on other sites More sharing options...
Luke 37058 Posted October 23, 2019 Share Posted October 23, 2019 Disable or remove any browser add-ins. Some security add-ins (like Privacy Badger) can block our ability to validate the key Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now