--- /dev/null
+
+# LAN network interfaces IPs / networks
+# there can be multiple listening ips for SSDP traffic.
+# should be under the form nnn.nnn.nnn.nnn/nn
+# HTTP is available on all interfaces
+# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
+port=0
+
+# chain names for netfilter (not used for pf or ipf).
+upnp_forward_chain=UPNPFW
+upnp_nat_chain=UPNPFW
+
+# bitrates reported by daemon in bits per second
+bitrate_up=1000000
+bitrate_down=10000000
+
+# "secure" mode : when enabled, UPnP client are allowed to add mappings only
+# to their IP.
+secure_mode=yes
+
+# report system uptime instead of daemon uptime
+system_uptime=yes
+
+# notify interval in seconds. default is 30 seconds.
+notify_interval=60
+
+# unused rules cleaning.
+# never remove any rule before this threshold for the number
+# of redirections is exceeded. default to 20
+#clean_ruleset_threshold=10
+# clean process work interval in seconds. default to 0 (disabled).
+# a 600 seconds (10 minutes) interval makes sense
+clean_ruleset_interval=600
+
+# serial and model number the daemon will report to clients
+# in its XML description
+serial=12345678
+model_number=1
+
+# UPnP permission rules
+# (allow|deny) (external port range) ip/mask (internal port range)
+# A port range is <min port>-<max port> or <port> if there is only
+# one port in the range.
+# ip/mask format must be nn.nn.nn.nn/nn
+# it is advised to only allow redirection of port above 1024
+# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
+allow 0-65535 0.0.0.0/0 0-65535
CFLAGS="$(CFLAGS) -DIPTABLES_143 -I/usr/src/linux/include"
cd $(DIR_APP) && install -m 755 miniupnpd /usr/sbin
+ -mkdir -pv /etc/miniupnpd
+ cp -vf $(DIR_SRC)/config/miniupnpd/miniupnpd.conf /etc/miniupnpd/miniupnpd.conf
+
@rm -rf $(DIR_APP)
@$(POSTBUILD)
# upnp chain for our upnp daemon
/sbin/iptables -t nat -N UPNPFW
/sbin/iptables -t nat -A PREROUTING -j UPNPFW
-
+ # This chain only contains dummy rules.
+ /sbin/iptables -N UPNPFW
# Custom mangle chain (for port fowarding)
/sbin/iptables -t mangle -N PORTFWMANGLE
--- /dev/null
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/miniupnpd
+#
+# Description : Miniupnp daemon
+#
+# Authors : Michael Tremer <michael.tremer@ipfire.org>
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+if [ ! -e /etc/miniupnpd/id ]; then
+ uuidgen > /etc/miniupnpd/id
+fi
+
+UUID=$(cat /etc/miniupnpd/id)
+
+EXT_DEV=$(cat /var/ipfire/red/iface)
+EXT_IP4=$(cat /var/ipfire/red/local-ipaddress)
+
+. /var/ipfire/ethernet/settings
+
+for i in GREEN_ADDRESS BLUE_ADDRESS; do
+ [ -n "${!i}" ] && LISTEN_IP="${LISTEN_IP} -a ${!i}"
+done
+
+function flush_iptables() {
+ # Flush iptables to remove all entries that were left
+ iptables -F UPNPFW
+ iptables -t nat -F UPNPFW
+}
+
+case "${1}" in
+ start)
+ boot_mesg "Starting miniupnpd..."
+
+ flush_iptables
+
+ loadproc miniupnpd -f /etc/miniupnpd/miniupnpd.conf \
+ -i ${EXT_DEV} -o ${EXT_IP4} ${LISTEN_IP} \
+ -u ${UUID}
+ ;;
+
+ stop)
+ boot_mesg "Stopping miniupnpd..."
+ killproc miniupnpd
+
+ flush_iptables
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ status)
+ statusproc miniupnpd
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/miniupnpd
--- /dev/null
+#!/bin/bash
+
+[ -x /etc/init.d/miniupnpd ] && \
+ /etc/init.d/miniupnpd stop &>/dev/null
+
+exit 0
--- /dev/null
+#!/bin/bash
+
+[ -x /etc/init.d/miniupnpd ] && \
+ /etc/init.d/miniupnpd start &>/dev/null
+
+exit 0