[pvs2] Fix iptables rules even more

1 files changed, 8 insertions, 3 deletions

diff --git a/core/modules/pvs2/data/opt/openslx/iptables/rules.d/10-pvs b/core/modules/pvs2/data/opt/openslx/iptables/rules.d/10-pvs
index bfb9a391..8debd2cc 100755
--- a/core/modules/pvs2/data/opt/openslx/iptables/rules.d/10-pvs
+++ b/core/modules/pvs2/data/opt/openslx/iptables/rules.d/10-pvs
@@ -1,13 +1,18 @@
 #!/bin/ash
 
 # Allow PVS ports
-# Control connection - server and client perspective
+# Control connection: server incoming, client outgoing
 iptables -I ipt-helper-INPUT 1 -i br0 -p tcp --dport 5194 -j ACCEPT
 iptables -I ipt-helper-OUTPUT 1 -o br0 -p tcp --dport 5194 -j ACCEPT
-# UDP discovery - server and client perspective
+# UDP discovery
+# pvsmgr: allow incoming discovery (broadcast)
 iptables -I ipt-helper-INPUT 1 -i br0 -p udp --dport 3492 -j ACCEPT
-iptables -I ipt-helper-OUTPUT 1 -o br0 -p udp --dport 3492 -j ACCEPT
+# pvsmgr: allow outgoing discovery reply (unicast)
 iptables -I ipt-helper-OUTPUT 1 -o br0 -p udp --sport 3492 -j ACCEPT
+# pvsclient: allow outgoing discovery (broadcast)
+iptables -I ipt-helper-OUTPUT 1 -o br0 -p udp --dport 3492 -j ACCEPT
+# pvsclient: allow incoming discovery reply (unicast)
+iptables -I ipt-helper-INPUT 1 -i br0 -p udp --sport 3492 -j ACCEPT
 # VNC connection - incoming and outgoing - small range as we use -autoport
 iptables -I ipt-helper-INPUT 1 -i br0 -p tcp --dport 54112:54122 -j ACCEPT
 iptables -I ipt-helper-OUTPUT 1 -o br0 -p tcp --dport 54112:54122 -j ACCEPT