c2bc72a8e9
CachyOS ships ufw enabled by default (firewalld is not installed) — verified live on the .21 box — but the docs and shipped firewall openers claimed "CachyOS enables firewalld by default". Correct that everywhere and ship a ufw application profile (the one-liner analogue of the firewalld service files):

- packaging/linux/punktfunk.ufw (new): [punktfunk-native], [punktfunk-gamestream], [punktfunk-web] profiles, installed to /etc/ufw/applications.d/punktfunk by the Arch (CachyOS) and .deb host packages. `sudo ufw allow punktfunk-native`.
- packaging/linux/punktfunk-web.xml (new): firewalld service for the optional web console (TCP 47992), installed by the host package on arch/deb/rpm. Neither the native nor gamestream opener covered 47992, so a firewalld/ufw host that enabled punktfunk-web could not reach the console over the LAN.
- Fix the "CachyOS enables firewalld" claim in arch.md, arch/README.md, debian/README.md, both firewalld service .xml comments, and the pacman scriptlet; firewalld now attributed to the spins that use it (EndeavourOS, Fedora/RHEL).
- Docs present both one-liners (ufw + firewalld) whichever firewall you run, plus a console-opener step; postinst/scriptlet hints detect ufw as well as firewalld.

The native data plane stays hole-punched (ephemeral UDP, no fixed port) — its openers correctly open only 9777/udp + mDNS; the stale "open a UDP range" note is replaced with the accurate outbound-UDP explanation.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
27 lines
1.9 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
<!--
  firewalld service definition for the punktfunk GameStream (Moonlight-compatible) host.

  Installed to /usr/lib/firewalld/services/ by the punktfunk-host package. It is NOT enabled
  automatically: an Arch package never touches the admin's running firewall. Stock Arch ships no
  firewall (these ports are already open); Fedora/RHEL and some Arch spins (EndeavourOS) enable
  firewalld by default, so enable it once with firewall-cmd (add-service=punktfunk-gamestream, then
  reload). CachyOS and Ubuntu use ufw instead — the package also ships a ufw application profile
  (punktfunk.ufw). Exact commands: your distro's install guide, or the per-distro packaging README.

  Needed only when the host runs GameStream/Moonlight compat (serve with the gamestream flag). The
  mgmt REST API (TCP 47990) stays on loopback by default and is deliberately not opened here.
  Port map: design/gamestream-host-plan.md.
-->
<service>
  <short>Punktfunk (GameStream / Moonlight)</short>
  <description>Low-latency game-streaming host over the Moonlight-compatible GameStream protocol. Opens the fixed nvhttp (HTTPS/HTTP), RTSP, video RTP, ENet control/input and Opus audio ports, plus mDNS for auto-discovery.</description>
  <port protocol="tcp" port="47984"/>  <!-- HTTPS nvhttp (paired, mutual TLS) -->
  <port protocol="tcp" port="47989"/>  <!-- HTTP nvhttp (/serverinfo, /pair PIN flow) -->
  <port protocol="tcp" port="48010"/>  <!-- RTSP handshake -->
  <port protocol="udp" port="47998"/>  <!-- Video RTP (+ FEC) -->
  <port protocol="udp" port="47999"/>  <!-- ENet control stream + remote input -->
  <port protocol="udp" port="48000"/>  <!-- Audio (Opus) -->
  <port protocol="udp" port="5353"/>   <!-- mDNS auto-discovery (_nvstream._tcp.local) -->
</service>
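A check a packager could run in CI against this file, added here as an example (it is not part of the punktfunk repository): it parses a firewalld service definition and confirms that only the ports listed above are opened and that the loopback-only management port (TCP 47990) is not exposed, including through a firewalld port range. The embedded XML is a constructed copy of the port list above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed copy of the <port> list from the service file above.
SERVICE_XML = """<service>
  <short>Punktfunk (GameStream / Moonlight)</short>
  <port protocol="tcp" port="47984"/>
  <port protocol="tcp" port="47989"/>
  <port protocol="tcp" port="48010"/>
  <port protocol="udp" port="47998"/>
  <port protocol="udp" port="47999"/>
  <port protocol="udp" port="48000"/>
  <port protocol="udp" port="5353"/>
</service>"""

# The file's comment says the mgmt REST API stays on loopback: never open it.
FORBIDDEN = {("tcp", 47990)}
# Allowlist taken from the port map documented in the service file.
ALLOWED = {("tcp", 47984), ("tcp", 47989), ("tcp", 48010),
           ("udp", 47998), ("udp", 47999), ("udp", 48000), ("udp", 5353)}


def opened_ports(xml_text):
    """Return every (protocol, port) pair the service definition opens.

    firewalld accepts ranges such as port="47984-47990", so each range is
    expanded; a later edit cannot hide a forbidden port inside one.
    """
    opened = set()
    for el in ET.fromstring(xml_text).iter("port"):
        proto = el.get("protocol", "").lower()
        spec = el.get("port", "").strip()
        if not spec:
            continue  # no port number on this element
        lo, _, hi = spec.partition("-")
        first, last = int(lo), int(hi) if hi else int(lo)
        opened.update((proto, p) for p in range(first, last + 1))
    return opened


def audit(xml_text):
    """Report forbidden and unlisted ports; both lists empty means pass."""
    opened = opened_ports(xml_text)
    return {"forbidden": sorted(opened & FORBIDDEN),
            "unexpected": sorted(opened - ALLOWED - FORBIDDEN)}


if __name__ == "__main__":
    print(audit(SERVICE_XML))
```
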