Firewall blocking discovery

[rnovacek]

I'm running Fedora 36 with firewalld and I cannot get discovery to work, it's blocked by the firewall.

When I enable logging using sudo firewall-cmd --set-log-denied=all, I can see this line when running discovery:

lis 09 15:08:39 yoga kernel: filter_IN_public_REJECT: IN=wlp1s0 OUT= MAC=6c:6a:77:a4:d4:1d:f4:91:1e:c2:20:80:08:00 SRC=192.168.1.110 DST=192.168.1.151 LEN=407 TOS=0x00 PREC=0x00 TTL=64 ID=2474 PROTO=UDP SPT=7000 DPT=59717 LEN=387

Given that the port for incoming data is assigned dynamically every time, I cannot set up a rule in the firewall. So I tried setting fixed port on this line and allowing that in firewalld (firewall-cmd --zone=public --add-port XXX/udp). Then the discovery works.

Any ideas how we can use some stable port number and prevent collision with already open ports, so the readme can describe what's needed for the discovery?

[rnovacek]

It seems to be possible to send the discovery directly to the IP address of the device. It works with default firewall settings:

nc -u 192.168.1.110 7000
{"t": "scan"}

Gets this response:

{"t":"pack","i":1,"uid":0,"cid":"f4911ec22080","tcid":"222996f2e147","pack":"..."}

[cmroche]

Yes, Gree device seem to work with either broadcast or direct IP connection.

I believe it will always reply from source port 7000, but I can only base this on my device, and there is nothing technically wrong with a response from any port.