diff --git a/miniupnpd/miniupnpd.conf b/miniupnpd/miniupnpd.conf index 90bd5ad..36040f4 100644 --- a/miniupnpd/miniupnpd.conf +++ b/miniupnpd/miniupnpd.conf @@ -1,143 +1,141 @@ # WAN network interface #ext_ifname=eth1 #ext_ifname=xl1 -# if the WAN interface has several IP addresses, you +# If the WAN interface has several IP addresses, you # can specify the one to use below #ext_ip= # LAN network interfaces IPs / networks -# there can be multiple listening ips for SSDP traffic. -# should be under the form nnn.nnn.nnn.nnn/nn -# It can also be the network interface name (ie "eth0") -# It if mandatory to use the network interface name to enable IPv6 +# There can be multiple listening IPs for SSDP traffic +# It can be IP address or network interface name (ie. "eth0") +# It is mandatory to use the network interface name in order to enable IPv6 # HTTP is available on all interfaces. -# When MULTIPLE_EXTERNAL_IP is enabled, the external ip -# address associated with the subnet follows. for example : +# When MULTIPLE_EXTERNAL_IP is enabled, the external IP +# address associated with the subnet follows. For example: # listening_ip=192.168.0.1/24 88.22.44.13 #listening_ip=192.168.0.1/24 #listening_ip=10.5.0.0/16 #listening_ip=eth0 # CAUTION: mixing up WAN and LAN interfaces may introduce security risks! -# be sure to assign the correct interfaces to LAN and WAN and consider +# Be sure to assign the correct interfaces to LAN and WAN and consider # implementing UPnP permission rules at the bottom of this configuration file -# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect. +# Port for HTTP (descriptions and SOAP) traffic. Set to 0 for autoselect. #http_port=0 -# port for HTTPS. set to 0 for autoselect (default) +# Port for HTTPS. Set to 0 for autoselect (default) #https_port=0 -# path to the unix socket used to communicate with MiniSSDPd +# Path to the UNIX socket used to communicate with MiniSSDPd # If running, MiniSSDPd will manage M-SEARCH answering. # default is /var/run/minissdpd.sock #minissdpdsocket=/var/run/minissdpd.sock -# enable NAT-PMP support (default is no) +# Enable NAT-PMP support (default is no) #enable_natpmp=yes -# enable UPNP support (default is yes) +# Enable UPNP support (default is yes) #enable_upnp=no -# PCP : -# configure minimal and maximal lifetime of the port mapping in seconds +# PCP +# Configure the minimum and maximum lifetime of a port mapping in seconds # 120s and 86400s (24h) are suggested values from PCP-base #min_lifetime=120 #max_lifetime=86400 -# chain names for netfilter (not used for pf or ipf). +# Chain names for netfilter (not used for pf or ipf). # default is MINIUPNPD for both #upnp_forward_chain=forwardUPnP #upnp_nat_chain=UPnP -# lease file location +# Lease file location #lease_file=/var/log/upnp.leases -# to enable the next few runtime options, see compile time +# To enable the next few runtime options, see compile time # ENABLE_MANUFACTURER_INFO_CONFIGURATION (config.h) -# name of this service, default is "`uname -s` router" +# Name of this service, default is "`uname -s` router" #friendly_name=MiniUPnPd router -# manufacturer name, default is "`uname -s`" +# Manufacturer name, default is "`uname -s`" #manufacturer_name=Manufacturer corp -# manufacturer url, default is URL of OS verndor +# Manufacturer URL, default is URL of OS vendor #manufacturer_url=http://miniupnp.free.fr/ -# model name, default is "`uname -s` router" +# Model name, default is "`uname -s` router" #model_name=Router Model -# model description, default is "`uname -s` router" +# Model description, default is "`uname -s` router" #model_description=Very Secure Router - Model -# model url, default is URL of OS vendor +# Model URL, default is URL of OS vendor #model_url=http://miniupnp.free.fr/ -# bitrates reported by daemon in bits per second +# Bitrates reported by daemon in bits per second # by default miniupnpd tries to get WAN interface speed #bitrate_up=1000000 #bitrate_down=10000000 -# "secure" mode : when enabled, UPnP client are allowed to add mappings only -# to their IP. +# Secure Mode, UPnP clients can only add mappings to their own IP #secure_mode=yes secure_mode=no -# default presentation url is http address on port 80 +# Default presentation URL is HTTP address on port 80 # If set to an empty string, no presentationURL element will appear # in the XML description of the device, which prevents MS Windows # from displaying an icon in the "Network Connections" panel. #presentation_url=http://www.mylan/index.php -# report system uptime instead of daemon uptime +# Report system uptime instead of daemon uptime system_uptime=yes -# notify interval in seconds. default is 30 seconds. +# Notify interval in seconds. default is 30 seconds. #notify_interval=240 notify_interval=60 -# unused rules cleaning. +# Unused rules cleaning. # never remove any rule before this threshold for the number # of redirections is exceeded. default to 20 #clean_ruleset_threshold=10 -# clean process work interval in seconds. default to 0 (disabled). +# Clean process work interval in seconds. default to 0 (disabled). # a 600 seconds (10 minutes) interval makes sense clean_ruleset_interval=600 -# log packets in pf (default is no) +# Log packets in pf (default is no) #packet_log=no -# anchor name in pf (default is miniupnpd) +# Anchor name in pf (default is miniupnpd) #anchor=miniupnpd # ALTQ queue in pf -# filter rules must be used for this to be used. +# Filter rules must be used for this to be used. # compile with PF_ENABLE_FILTER_RULES (see config.h file) #queue=queue_name1 -# tag name in pf +# Tag name in pf #tag=tag_name1 -# make filter rules in pf quick or not. default is yes +# Make filter rules in pf quick or not. default is yes # active when compiled with PF_ENABLE_FILTER_RULES (see config.h file) #quickrules=no -# uuid : generate your own with "make genuuid" +# UUID, generate your own UUID with "make genuuid" uuid=00000000-0000-0000-0000-000000000000 -# serial and model number the daemon will report to clients -# in its XML description +# Daemon's serial and model number when reporting to clients +# (in XML description) #serial=12345678 #model_number=1 # UPnP permission rules -# (allow|deny) (external port range) ip/mask (internal port range) +# (allow|deny) (external port range) IP/mask (internal port range) # A port range is - or if there is only # one port in the range. -# ip/mask format must be nn.nn.nn.nn/nn -# it is advised to only allow redirection of port above 1024 -# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535" +# IP/mask format must be nnn.nnn.nnn.nnn/nn +# It is advised to only allow redirection of port >= 1024 +# and end the rule set with "deny 0-65535 0.0.0.0/0 0-65535" # The following default ruleset allows specific LAN side IP addresses -# to request only ephemeral ports. it is recommended that users +# to request only ephemeral ports. It is recommended that users # modify the IP ranges to match their own internal networks, and # also consider implementing network-specific restrictions # CAUTION: failure to enforce any rules may permit insecure requests to be made! @@ -146,4 +144,3 @@ allow 1024-65535 192.168.1.0/24 1024-65535 allow 1024-65535 192.168.0.0/23 22 allow 12345 192.168.7.113/32 54321 deny 0-65535 0.0.0.0/0 0-65535 -