Firewalld rule for Roon server

roon-server.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Roon Server</short>
  <description>Roon Server from Roon Labs plays music according to instructions from Roon Controllers</description>
  <!-- per https://community.roonlabs.com/t/connection-failed-and-chromecast-issues-roon-using-new-additional-network-ports-since-880/181528/18 -->
  <!-- unclear if necessary: port protocol="tcp" port="8008-8009"/ -->
  <port protocol="udp" port="9003"/>
  <port protocol="tcp" port="9330-9339"/>
  <port protocol="tcp" port="30000-30010"/>
  <!-- unclear if necessary: port protocol="udp" port="32768-65535"/ -->
  <!-- igmp enables multicast. Unclear if broadcast and SSDP are needed too, see https://community.roonlabs.com/t/android-roon-remote-looses-connection-to-core-daily/61650/45 says is also required? -->
  <protocol value="igmp"/>
</service>

Adding port 55000/tcp will make ARC work:

<port protocol="tcp" port="55000"/>

Opening 32768-65535/udp appears to make Chromecast, Apple Airplay and Roon Ready devices like the Cambridge Audio CXN V2 work.

It looks like roon is also listening for mDNS traffic on UDP 5353. It might be worthwhile to enable that as well or enable the built-in firewalld mdns service:

firewall-cmd --permanent --add-service=mdns

With the above ranges enabled I am able to connect to:
Cambridge Audio CXN V2 (Roon Ready)
Google Home Mini via Chromecast (Roon Tested)
Sonos via Sonos Streaming
Misc devices via both Chromecast streaming and AirPlay