2011-09-28 21:13:20 +02:00
|
|
|
# WAN network interface
|
2014-10-13 18:03:53 +02:00
|
|
|
#ext_ifname=eth1
|
2011-09-28 21:13:20 +02:00
|
|
|
#ext_ifname=xl1
|
2019-05-21 10:42:40 +02:00
|
|
|
# if the WAN network interface for IPv6 is different than for IPv4,
|
|
|
|
# set ext_ifname6
|
|
|
|
#ext_ifname6=eth2
|
2015-04-25 14:43:33 +08:00
|
|
|
# If the WAN interface has several IP addresses, you
|
2011-09-28 21:13:20 +02:00
|
|
|
# can specify the one to use below
|
|
|
|
#ext_ip=
|
2018-05-19 13:32:42 +02:00
|
|
|
# WAN interface must have public IP address. Otherwise it is behind NAT
|
|
|
|
# and port forwarding is impossible. In some cases WAN interface can be
|
|
|
|
# behind unrestricted NAT 1:1 when all incoming traffic is NAT-ed and
|
|
|
|
# routed to WAN interfaces without any filtering. In this cases miniupnpd
|
|
|
|
# needs to know public IP address and it can be learnt by asking external
|
|
|
|
# server via STUN protocol. Following option enable retrieving external
|
|
|
|
# public IP address from STUN server and detection of NAT type. You need
|
|
|
|
# to specify also external STUN server in stun_host option below.
|
|
|
|
# This option is disabled by default.
|
|
|
|
#ext_perform_stun=yes
|
|
|
|
# Specify STUN server, either hostname or IP address
|
|
|
|
# Some public STUN servers:
|
|
|
|
# stun.stunprotocol.org
|
|
|
|
# stun.sipgate.net
|
|
|
|
# stun.xten.com
|
|
|
|
# stun.l.google.com (on non standard port 19302)
|
|
|
|
#ext_stun_host=stun.stunprotocol.org
|
|
|
|
# Specify STUN UDP port, by default it is standard port 3478.
|
|
|
|
#ext_stun_port=3478
|
2011-09-28 21:13:20 +02:00
|
|
|
|
|
|
|
# LAN network interfaces IPs / networks
|
2015-11-05 11:51:02 +01:00
|
|
|
# There can be multiple listening IPs for SSDP traffic, in that case
|
|
|
|
# use multiple 'listening_ip=...' lines, one for each network interface.
|
2015-04-25 14:43:33 +08:00
|
|
|
# It can be IP address or network interface name (ie. "eth0")
|
|
|
|
# It is mandatory to use the network interface name in order to enable IPv6
|
2012-04-06 17:31:24 +02:00
|
|
|
# HTTP is available on all interfaces.
|
2015-04-25 14:43:33 +08:00
|
|
|
# When MULTIPLE_EXTERNAL_IP is enabled, the external IP
|
|
|
|
# address associated with the subnet follows. For example:
|
2011-09-28 21:13:20 +02:00
|
|
|
# listening_ip=192.168.0.1/24 88.22.44.13
|
|
|
|
#listening_ip=192.168.0.1/24
|
2014-10-13 18:03:53 +02:00
|
|
|
#listening_ip=10.5.0.0/16
|
2012-04-06 17:31:24 +02:00
|
|
|
#listening_ip=eth0
|
2014-10-13 18:03:53 +02:00
|
|
|
# CAUTION: mixing up WAN and LAN interfaces may introduce security risks!
|
2015-04-25 14:43:33 +08:00
|
|
|
# Be sure to assign the correct interfaces to LAN and WAN and consider
|
2014-10-13 18:03:53 +02:00
|
|
|
# implementing UPnP permission rules at the bottom of this configuration file
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Port for HTTP (descriptions and SOAP) traffic. Set to 0 for autoselect.
|
2014-10-13 18:03:53 +02:00
|
|
|
#http_port=0
|
2015-04-25 14:43:33 +08:00
|
|
|
# Port for HTTPS. Set to 0 for autoselect (default)
|
2014-04-22 00:44:37 +02:00
|
|
|
#https_port=0
|
2011-09-28 21:13:20 +02:00
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Path to the UNIX socket used to communicate with MiniSSDPd
|
2011-09-28 21:13:20 +02:00
|
|
|
# If running, MiniSSDPd will manage M-SEARCH answering.
|
|
|
|
# default is /var/run/minissdpd.sock
|
|
|
|
#minissdpdsocket=/var/run/minissdpd.sock
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Enable NAT-PMP support (default is no)
|
2014-10-13 18:03:53 +02:00
|
|
|
#enable_natpmp=yes
|
2011-09-28 21:13:20 +02:00
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Enable UPNP support (default is yes)
|
2014-10-13 18:03:53 +02:00
|
|
|
#enable_upnp=no
|
2011-09-28 21:13:20 +02:00
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# PCP
|
|
|
|
# Configure the minimum and maximum lifetime of a port mapping in seconds
|
2013-07-09 15:36:53 +02:00
|
|
|
# 120s and 86400s (24h) are suggested values from PCP-base
|
2014-10-13 18:03:53 +02:00
|
|
|
#min_lifetime=120
|
|
|
|
#max_lifetime=86400
|
2013-07-09 15:36:53 +02:00
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Chain names for netfilter (not used for pf or ipf).
|
2011-09-28 21:13:20 +02:00
|
|
|
# default is MINIUPNPD for both
|
|
|
|
#upnp_forward_chain=forwardUPnP
|
|
|
|
#upnp_nat_chain=UPnP
|
2016-01-26 16:59:04 +01:00
|
|
|
#upnp_nat_postrouting_chain=UPnP-Postrouting
|
2011-09-28 21:13:20 +02:00
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Lease file location
|
2011-09-28 21:13:20 +02:00
|
|
|
#lease_file=/var/log/upnp.leases
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# To enable the next few runtime options, see compile time
|
2013-12-13 12:03:28 +01:00
|
|
|
# ENABLE_MANUFACTURER_INFO_CONFIGURATION (config.h)
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Name of this service, default is "`uname -s` router"
|
2012-02-05 00:24:13 +01:00
|
|
|
#friendly_name=MiniUPnPd router
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Manufacturer name, default is "`uname -s`"
|
2013-12-13 12:03:28 +01:00
|
|
|
#manufacturer_name=Manufacturer corp
|
2013-10-20 23:02:19 +02:00
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Manufacturer URL, default is URL of OS vendor
|
2013-12-13 12:03:28 +01:00
|
|
|
#manufacturer_url=http://miniupnp.free.fr/
|
2013-10-20 23:02:19 +02:00
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Model name, default is "`uname -s` router"
|
2013-12-13 12:03:28 +01:00
|
|
|
#model_name=Router Model
|
2013-10-20 23:02:19 +02:00
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Model description, default is "`uname -s` router"
|
2013-12-13 12:03:28 +01:00
|
|
|
#model_description=Very Secure Router - Model
|
2013-10-20 23:02:19 +02:00
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Model URL, default is URL of OS vendor
|
2013-12-13 12:03:28 +01:00
|
|
|
#model_url=http://miniupnp.free.fr/
|
2013-10-20 23:02:19 +02:00
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Bitrates reported by daemon in bits per second
|
2014-10-13 18:03:53 +02:00
|
|
|
# by default miniupnpd tries to get WAN interface speed
|
|
|
|
#bitrate_up=1000000
|
|
|
|
#bitrate_down=10000000
|
2011-09-28 21:13:20 +02:00
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Secure Mode, UPnP clients can only add mappings to their own IP
|
2011-09-28 21:13:20 +02:00
|
|
|
#secure_mode=yes
|
|
|
|
secure_mode=no
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Default presentation URL is HTTP address on port 80
|
2011-09-28 21:13:20 +02:00
|
|
|
# If set to an empty string, no presentationURL element will appear
|
|
|
|
# in the XML description of the device, which prevents MS Windows
|
|
|
|
# from displaying an icon in the "Network Connections" panel.
|
|
|
|
#presentation_url=http://www.mylan/index.php
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Report system uptime instead of daemon uptime
|
2011-09-28 21:13:20 +02:00
|
|
|
system_uptime=yes
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Notify interval in seconds. default is 30 seconds.
|
2011-09-28 21:13:20 +02:00
|
|
|
#notify_interval=240
|
|
|
|
notify_interval=60
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Unused rules cleaning.
|
2011-09-28 21:13:20 +02:00
|
|
|
# never remove any rule before this threshold for the number
|
|
|
|
# of redirections is exceeded. default to 20
|
|
|
|
#clean_ruleset_threshold=10
|
2015-04-25 14:43:33 +08:00
|
|
|
# Clean process work interval in seconds. default to 0 (disabled).
|
2011-09-28 21:13:20 +02:00
|
|
|
# a 600 seconds (10 minutes) interval makes sense
|
|
|
|
clean_ruleset_interval=600
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Log packets in pf (default is no)
|
2011-09-28 21:13:20 +02:00
|
|
|
#packet_log=no
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Anchor name in pf (default is miniupnpd)
|
2012-02-03 13:14:10 +01:00
|
|
|
#anchor=miniupnpd
|
|
|
|
|
2011-09-28 21:13:20 +02:00
|
|
|
# ALTQ queue in pf
|
2015-04-25 14:43:33 +08:00
|
|
|
# Filter rules must be used for this to be used.
|
2011-09-28 21:13:20 +02:00
|
|
|
# compile with PF_ENABLE_FILTER_RULES (see config.h file)
|
|
|
|
#queue=queue_name1
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Tag name in pf
|
2011-09-28 21:13:20 +02:00
|
|
|
#tag=tag_name1
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Make filter rules in pf quick or not. default is yes
|
2011-09-28 21:13:20 +02:00
|
|
|
# active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)
|
|
|
|
#quickrules=no
|
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# UUID, generate your own UUID with "make genuuid"
|
2014-10-13 18:03:53 +02:00
|
|
|
uuid=00000000-0000-0000-0000-000000000000
|
2011-09-28 21:13:20 +02:00
|
|
|
|
2015-04-25 14:43:33 +08:00
|
|
|
# Daemon's serial and model number when reporting to clients
|
|
|
|
# (in XML description)
|
2014-10-13 18:03:53 +02:00
|
|
|
#serial=12345678
|
|
|
|
#model_number=1
|
2011-09-28 21:13:20 +02:00
|
|
|
|
2018-02-19 22:14:05 -08:00
|
|
|
# If compiled with IGD_V2 defined, force reporting IGDv1 in rootDesc (default
|
|
|
|
# is no)
|
|
|
|
#force_igd_desc_v1=no
|
|
|
|
|
2011-09-28 21:13:20 +02:00
|
|
|
# UPnP permission rules
|
2015-04-25 14:43:33 +08:00
|
|
|
# (allow|deny) (external port range) IP/mask (internal port range)
|
2011-09-28 21:13:20 +02:00
|
|
|
# A port range is <min port>-<max port> or <port> if there is only
|
|
|
|
# one port in the range.
|
2015-04-25 14:43:33 +08:00
|
|
|
# IP/mask format must be nnn.nnn.nnn.nnn/nn
|
|
|
|
# It is advised to only allow redirection of port >= 1024
|
|
|
|
# and end the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
|
2014-10-13 18:03:53 +02:00
|
|
|
# The following default ruleset allows specific LAN side IP addresses
|
2015-04-25 14:43:33 +08:00
|
|
|
# to request only ephemeral ports. It is recommended that users
|
2014-10-13 18:03:53 +02:00
|
|
|
# modify the IP ranges to match their own internal networks, and
|
|
|
|
# also consider implementing network-specific restrictions
|
|
|
|
# CAUTION: failure to enforce any rules may permit insecure requests to be made!
|
2011-09-28 21:13:20 +02:00
|
|
|
allow 1024-65535 192.168.0.0/24 1024-65535
|
|
|
|
allow 1024-65535 192.168.1.0/24 1024-65535
|
|
|
|
allow 1024-65535 192.168.0.0/23 22
|
|
|
|
allow 12345 192.168.7.113/32 54321
|
|
|
|
deny 0-65535 0.0.0.0/0 0-65535
|