I'm attempting to set up macOS Home Sharing on my network. This requires that tcp 3689 and udp 5353 be open. I added these stanzas to my /etc/config/firewall:

config rule
	option name Homeshare1
	option src wan
	option dest_port 3689
	option proto tcp
	option target ACCEPT

config rule
	option name Homeshare2
	option src wan
	option dest_port 5353
	option proto udp
	option target ACCEPT

And the ports are still reported as closed. Just as a test, I added a rule for tcp 22 with the same syntax and it opened fine. What have I missed?
Side question, do you really want to open up those ports to the Internet in general?
To the specific point, I'm guessing you need to forward those ports to a target macOS device on your LAN. ACCEPT is generally for connections to the router itself.
macOS "Home Sharing" looks like it is based on mDNS and local discovery (it's "home" sharing, after all). If so, it can't be routed across subnets easily. If that is the case, your router doesn't need to do anything at all, as it all happens on the "LAN" without router intervention (the packets flow through the switch and wireless bridge, but aren't routed).
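
To check which rules in a firewall config accept traffic from the WAN zone, and whether they apply to the router itself or to a forwarded zone, here is an added example that is not part of the original thread. The function names and the third sample rule are constructed for illustration; the script assumes the standard UCI `config`/`option` syntax and OpenWrt's behaviour of treating a rule with `src` but no `dest` as input to the router.

```python
import shlex

# Constructed sample: the two rules from the question plus one LAN-only rule.
SAMPLE = """
config rule
	option name Homeshare1
	option src wan
	option dest_port 3689
	option proto tcp
	option target ACCEPT
config rule
	option name Homeshare2
	option src wan
	option dest_port 5353
	option proto udp
	option target ACCEPT
config rule
	option name 'Lan-SSH'
	option src lan
	option dest_port 22
	option target ACCEPT
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: value})."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def audit_wan_accepts(text):
    """List ACCEPT rules sourced from the wan zone and what they expose."""
    findings = []
    for kind, opt in parse_uci(text):
        if kind != "rule" or opt.get("src") != "wan":
            continue
        if opt.get("target", "").upper() != "ACCEPT":
            continue
        # Assumption: with src set and no dest, the rule is input to the router.
        exposes = "zone " + opt["dest"] if "dest" in opt else "router itself"
        findings.append((opt.get("name", "?"), opt.get("proto", "tcp udp"),
                         opt.get("dest_port", "any"), exposes))
    return findings

if __name__ == "__main__":
    for name, proto, port, exposes in audit_wan_accepts(SAMPLE):
        print(f"{name}: {proto}/{port} open from WAN to {exposes}")
```

Run against the stanzas from the question, both Homeshare rules are reported as opening the port on the router itself from the WAN side, not on any LAN device.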