From 54194ba452dcab3d2d117fc3a72cec5c2ab2cc00 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Mon, 22 Nov 2010 02:00:32 +0100
Subject: [PATCH] miniupnpd: Add configuration and scripts.
---
config/miniupnpd/miniupnpd.conf | 47 +++++++++++++
lfs/miniupnpd | 3 +
src/initscripts/init.d/firewall | 3 +-
src/initscripts/init.d/miniupnpd | 69 +++++++++++++++++++
.../init.d/networking/red.down/10-miniupnpd | 6 ++
.../init.d/networking/red.up/10-miniupnpd | 6 ++
6 files changed, 133 insertions(+), 1 deletion(-)
create mode 100644 config/miniupnpd/miniupnpd.conf
create mode 100644 src/initscripts/init.d/miniupnpd
create mode 100644 src/initscripts/init.d/networking/red.down/10-miniupnpd
create mode 100644 src/initscripts/init.d/networking/red.up/10-miniupnpd
diff --git a/config/miniupnpd/miniupnpd.conf b/config/miniupnpd/miniupnpd.conf
new file mode 100644
index 0000000000..4a9cbc086a
--- /dev/null
+++ b/config/miniupnpd/miniupnpd.conf
@@ -0,0 +1,47 @@
+
+# LAN network interfaces IPs / networks
+# there can be multiple listening ips for SSDP traffic.
+# should be under the form nnn.nnn.nnn.nnn/nn
+# HTTP is available on all interfaces
+# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
+port=0
+
+# chain names for netfilter (not used for pf or ipf).
+upnp_forward_chain=UPNPFW
+upnp_nat_chain=UPNPFW
+
+# bitrates reported by daemon in bits per second
+bitrate_up=1000000
+bitrate_down=10000000
+
+# "secure" mode : when enabled, UPnP client are allowed to add mappings only
+# to their IP.
+secure_mode=yes
+
+# report system uptime instead of daemon uptime
+system_uptime=yes
+
+# notify interval in seconds. default is 30 seconds.
+notify_interval=60
+
+# unused rules cleaning.
+# never remove any rule before this threshold for the number
+# of redirections is exceeded. default to 20
+#clean_ruleset_threshold=10
+# clean process work interval in seconds. default to 0 (disabled).
+# a 600 seconds (10 minutes) interval makes sense
+clean_ruleset_interval=600
+
+# serial and model number the daemon will report to clients
+# in its XML description
+serial=12345678
+model_number=1
+
+# UPnP permission rules
+# (allow|deny) (external port range) ip/mask (internal port range)
+# A port range is - or if there is only
+# one port in the range.
+# ip/mask format must be nn.nn.nn.nn/nn
+# it is advised to only allow redirection of port above 1024
+# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
+allow 0-65535 0.0.0.0/0 0-65535
diff --git a/lfs/miniupnpd b/lfs/miniupnpd
index 96531db716..0317f83234 100644
--- a/lfs/miniupnpd
+++ b/lfs/miniupnpd
@@ -75,5 +75,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) CFLAGS="$(CFLAGS) -DIPTABLES_143 -I/usr/src/linux/include" cd $(DIR_APP) && install -m 755 miniupnpd /usr/sbin + -mkdir -pv /etc/miniupnpd + cp -vf $(DIR_SRC)/config/miniupnpd/miniupnpd.conf /etc/miniupnpd/miniupnpd.conf + @rm -rf $(DIR_APP) @$(POSTBUILD)
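Review bot: The permission rule at the end of the new miniupnpd.conf, `allow 0-65535 0.0.0.0/0 0-65535`, lets any client address request a mapping for any external port, privileged ports included, which is the opposite of what the comment directly above it advises. `secure_mode=yes` limits a client to mappings that point at its own IP, but it does not restrict which external ports can be opened. I would ship `allow 1024-65535 0.0.0.0/0 1024-65535` followed by the `deny 0-65535 0.0.0.0/0 0-65535` line the comment already names, and narrow the `ip/mask` to the LAN networks where the installation knows them. The fixed `serial=12345678` is also reported identically by every installation; a comment marking it as a placeholder would help.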
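Review bot: The added recipe lines in lfs/miniupnpd create /etc/miniupnpd with `-mkdir -pv`, whose leading `-` makes make ignore a real failure even though `-p` already tolerates an existing directory, and then copy the file with `cp -vf`, which leaves the installed mode to the source file and the umask. Using `install -d -m 755 /etc/miniupnpd` and `install -m 644 $(DIR_SRC)/config/miniupnpd/miniupnpd.conf /etc/miniupnpd/miniupnpd.conf` would fail loudly and pin the permissions, matching the `install -m 755` line just above. The `$(TARGET)` recipe starts before this hunk, so the rest of it is not visible here.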
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index f4d5611d36..fea8d87e84 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -250,7 +250,8 @@ case "$1" in # upnp chain for our upnp daemon /sbin/iptables -t nat -N UPNPFW /sbin/iptables -t nat -A PREROUTING -j UPNPFW - + # This chain only contains dummy rules. + /sbin/iptables -N UPNPFW # Custom mangle chain (for port fowarding) /sbin/iptables -t mangle -N PORTFWMANGLE
diff --git a/src/initscripts/init.d/miniupnpd b/src/initscripts/init.d/miniupnpd
new file mode 100644
index 0000000000..1fd02a25a8
--- /dev/null
+++ b/src/initscripts/init.d/miniupnpd
@@ -0,0 +1,69 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/miniupnpd
+#
+# Description : Miniupnp daemon
+#
+# Authors : Michael Tremer
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+if [ ! -e /etc/miniupnpd/id ]; then
+ uuidgen > /etc/miniupnpd/id
+fi
+
+UUID=$(cat /etc/miniupnpd/id)
+
+EXT_DEV=$(cat /var/ipfire/red/iface)
+EXT_IP4=$(cat /var/ipfire/red/local-ipaddress)
+
+. /var/ipfire/ethernet/settings
+
+for i in GREEN_ADDRESS BLUE_ADDRESS; do
+ [ -n "${!i}" ] && LISTEN_IP="${LISTEN_IP} -a ${!i}"
+done
+
+function flush_iptables() {
+ # Flush iptables to remove all entries that were left
+ iptables -F UPNPFW
+ iptables -t nat -F UPNPFW
+}
+
+case "${1}" in
+ start)
+ boot_mesg "Starting miniupnpd..."
+
+ flush_iptables
+
+ loadproc miniupnpd -f /etc/miniupnpd/miniupnpd.conf \
+ -i ${EXT_DEV} -o ${EXT_IP4} ${LISTEN_IP} \
+ -u ${UUID}
+ ;;
+
+ stop)
+ boot_mesg "Stopping miniupnpd..."
+ killproc miniupnpd
+
+ flush_iptables
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ status)
+ statusproc miniupnpd
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/miniupnpd
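Review bot: The added comment `# This chain only contains dummy rules.` does not say why a filter-table `UPNPFW` chain is created, and no jump into it from FORWARD is visible in this hunk, unlike the nat chain that is hooked into PREROUTING just above. Since miniupnpd.conf in this patch sets `upnp_forward_chain=UPNPFW`, the daemon will presumably write its forward rules there; if the chain is deliberately left unreferenced, the comment should say so, for example `# Filter chain for miniupnpd's forward rules (upnp_forward_chain); deliberately not referenced from FORWARD.`. The removed blank line also runs this block into the `# Custom mangle chain` comment, so keeping the separator would read better. The surrounding `case "$1" in` block begins and ends outside the hunk.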
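Review bot: The `start` branch of the new init script hands `${EXT_DEV}`, `${EXT_IP4}` and `${UUID}` to miniupnpd unquoted and unchecked, so when /var/ipfire/red/iface or local-ipaddress is missing, or the id file is empty, the value disappears and the next option is presumably taken as its argument. Checking the three values and quoting them before `loadproc`, as in the excerpt below, makes that case fail with a message instead. The id file test should be `[ -s /etc/miniupnpd/id ]` rather than `-e`, because a failed `uuidgen` leaves an empty file that is then kept on every later run. The script also uses `${!i}` and the `function` keyword, which are bash features, under `#!/bin/sh`; `#!/bin/bash`, as the red.up and red.down hooks use, would match.

```shell
	start)
		# Refuse to start on an incomplete command line: with an empty
		# value the next option would be read as the missing argument.
		if [ -z "${EXT_DEV}" ] || [ -z "${EXT_IP4}" ] || [ -z "${UUID}" ]; then
			echo "miniupnpd: RED interface, RED address or UUID is empty" >&2
			exit 1
		fi

		# … unchanged: boot_mesg and flush_iptables …

		loadproc miniupnpd -f /etc/miniupnpd/miniupnpd.conf \
			-i "${EXT_DEV}" -o "${EXT_IP4}" ${LISTEN_IP} \
			-u "${UUID}"
		;;
```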
diff --git a/src/initscripts/init.d/networking/red.down/10-miniupnpd b/src/initscripts/init.d/networking/red.down/10-miniupnpd
new file mode 100644
index 0000000000..eaf2239e96
--- /dev/null
+++ b/src/initscripts/init.d/networking/red.down/10-miniupnpd
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+[ -x /etc/init.d/miniupnpd ] && \
+ /etc/init.d/miniupnpd stop &>/dev/null
+
+exit 0
diff --git a/src/initscripts/init.d/networking/red.up/10-miniupnpd b/src/initscripts/init.d/networking/red.up/10-miniupnpd
new file mode 100644
index 0000000000..54431331ba
--- /dev/null
+++ b/src/initscripts/init.d/networking/red.up/10-miniupnpd
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+[ -x /etc/init.d/miniupnpd ] && \
+ /etc/init.d/miniupnpd start &>/dev/null
+
+exit 0
-- 
2.39.2
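Review bot: The red.up hook starts miniupnpd whenever /etc/init.d/miniupnpd is executable, and no enable setting is consulted in the visible lines, so the UPnP daemon would come up on every RED connect by default. Given that the shipped rule set is `allow 0-65535 0.0.0.0/0 0-65535`, I would gate the start on an explicit opt-in, e.g. `[ -e <ENABLE_FLAG_FILE> ] || exit 0` with the path chosen by the project, or at least state the default in a header comment. Both this hook and the red.down one send all output to /dev/null with `&>/dev/null` and then `exit 0`, so a failed start or stop leaves no trace; keeping stderr would make such failures visible.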