#linux Minecraft Bedrock Launcher & Firewall [io.mrarm.mcpelauncher]

im having difficulty with connecting to a dedicated lan server, i am running linux mint 22 with firewall enabled.
with firewall off i have no problem however with it on i can not see the server.
i add the ports reported in the firewall report list and i can connect but when i close minecraft & the launcher then reopen them i can not see the server again.
i check the firewall report and it shows that 1 of the ports are still the same but the other ports have changed, this happens every time.
is there a list of ports the launcher uses or a way to permanently set the port numbers the launcher uses or set the firewall to alow any port it randomly uses for only that app?
i have ports 19132 and 19133 added to the firewall and it still dont work correctly.
i am using the flatpack from the mint software manager, it is v1.1.2 (build 86) (edited)

i know about adding the server manually and that does work however im wanting to get it to properly show up on the 2nd tab [friends] automatically like it should
i am asking about this ability in preparation of eventually switching my son over to linux and im the owner/admin of the lan server he is 8 so isn't allowed on the internet directly.
so this is why im asking about this so it is familiar and easy for him to find in in the list
(moved from mint support to linux support due to this is happening on other distros as well)

Others likely more versed in this than myself but given that this is pinned and there aren't any replies, I might as well throw an idea out:

Have you tried defining a rule not based on port but local ip address, and allowing data without defining ports? I imagine that if no port is defined, all ports will be allowed, or you could possible add the * argument if firewall rules will accept that.

LAN ip address can be grabbed from clicking the wired or wireless and clicking connection information, or if you know your network interface, terminal and "ip address" will display network interfaces

i tried this and even allowing the entire ip range of my network with no ports defined witch should allow all ports on all lan ip but this still did not work.
sadly the firewall doesn't allow * as a ip or port.
allowing all ports on all ip's from 192.168.1.0 to 192.168.1.255 should have worked but for some reason it don't.

could it be a ipv6 problem, manually entering the settings without a port it only sets rules for ipv4 but when i add it by the report page it adds ipv4 & ipv6 rules and works till i close the game and reopen it and the ports change again

oh i didn't even register what the report tab was.
if ipv6 update works then it would make sense.
have you tried defining an advanced rule, allowing traffic to and from the ipv4 subnet id for both you and your son?
my knowledge on ipv6 is limited and i don't actually know if there is a subnet ipv6 address? again super limited knowledge on it and quite honestly very sleep deprived.

my apologies if i've missed mention of this and i come off as ignorant or unattentive btw.

ok i finally have made progress with this i am still testing but so far it looks like it does have to do with IPv6.
i looked up my server pc's IPv6 address and manually added it as allow all from its IP in UFW by terminal command and i finally seen the server with firewall on even after closing and reopening the game.
.
i will post here more info and screen shots about this after i finish testing trying to reproduce this through the firewall GUI.
.
maybe not as positive as i thought it seems that this some how allowed all IPv6 traffic from all IPv6 addresses

i did a little bit more digging on the issue;
i BELIEVE firewalld and firewall-config (the GUI for firewalld) would solve your issue; it can filter based on application, so you would set your default zone to "block" to drop all network traffic, and then add an exception for minecraft, and i think you'd be able to define further rules for it i.e only allowing comms to your PC as well as any additional ipv6 data.
keep in mind if set up that way it would block ALL network traffic OTHER than what you define as allowed for that process. i am also assuming here that it will consistently get the pid based on the process name and not need to be updated over and over.

i looked a bit at ways to set things up with iptables and from what i gathered, you would be able to launch minecraft as a group or user with defined rules on source/destination/inet type (ipv6/4); if you ran firefox in that group it would only comm on ipv4 to your subnet BUT it would still be able to use ipv6 unless THAT too was defined.

TLDR firewall-config seems like it would be able to do what you're wanting to accomplish here