I am trying to package Rygel UPnP server. Unfortunately, UPnP uses dynamic port for data channel. I tried adding a SSDP helper as suggested in the bug:
{
networking.firewall.allowedUDPPorts = [ 1900 ];
networking.firewall.extraPackages = [ pkgs.conntrack_tools ];
networking.firewall.autoLoadConntrackHelpers = true;
networking.firewall.extraCommands = ''
nfct add helper ssdp inet udp
iptables --verbose -I OUTPUT -t raw -p udp --dport 1900 -j CT --helper ssdp
'';
}
and following conntrack-tools manual but it is failing since nfct does not like it:
$ sudo nfct add helper ssdp inet udp
nfct v1.4.5: netlink error: Invalid argument
The command seems to work on Ubuntu according this comment.
How do I add the helper to the firewall on NixOS?