From 401c624bcf4da96d6b94b423952c4c99504d2974 Mon Sep 17 00:00:00 2001 From: Thomas Bernard Date: Tue, 14 Jan 2014 09:26:24 +0100 Subject: [PATCH] miniupnpd/INSTALL: update infos rdr-anchor lines should be removed in OpenBSD since 4.7 rephrased a bit the part about permissions --- miniupnpd/INSTALL | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/miniupnpd/INSTALL b/miniupnpd/INSTALL index 92d2dd3..f249e7d 100644 --- a/miniupnpd/INSTALL +++ b/miniupnpd/INSTALL @@ -1,5 +1,5 @@ MiniUPnP project. -(c) 2006-2013 Thomas Bernard +(c) 2006-2014 Thomas Bernard Homepage : http://miniupnp.free.fr/ Mirror: http://miniupnp.tuxfamily.org/ github: https://github.com/miniupnp/miniupnp @@ -17,7 +17,9 @@ To Build and Install : Alternatively to editing config.h, options can be passed to genconfig.sh For more details : > ./genconfig.sh -h -- add "rdr-anchor miniupnpd" and "anchor miniupnpd" lines to /etc/pf.conf +- add "rdr-anchor miniupnpd" or/and "anchor miniupnpd" lines to /etc/pf.conf + (Since OpenBSD 4.7, rdr-anchor lines are no longer used and should be + removed, leaving only the anchor lines). - some FreeBSD users reported that it is also necessary for them to explicitly allow udp traffic on 239.0.0.0/8 by adding the two following lines to /etc/pf.conf : @@ -26,7 +28,7 @@ To Build and Install : - dont forget to " pfctl -f /etc/pf.conf " - you can check your modifications are taken into accout with "pfctl -s nat" and "pfctl -s rule". Look for the "rdr-anchor miniupnpd" - and "anchor miniupnpd" lines. + (if applicable) and/or "anchor miniupnpd" lines. - install as root using : # make install or @@ -53,7 +55,7 @@ http://blogs.sun.com/avalon/category/IPFilter - To enable non standard compilation options, > ./genconfig.sh -h Or edit config.h after it has been generated by genconfig.sh -- use 'bsdmake' or 'make -f Makefile.macosx' to build +- use 'bsdmake' (if available) or 'make -f Makefile.macosx' to build ============================== Mac OS X/pf ================================ @@ -118,11 +120,11 @@ also available through command line switches. Miniupnpd supports some kind of security check for allowing or disallowing redirection to be made. The UPnP permission rules are read from the miniupnpd.conf configuration file. -When a new redirection is asked, permission rules are evaluated in top-down -order and the first permission rule matched gives the answer : redirection -allowed or denied. If no rule is matching, the redirection is allowed, so -it is a good practice to have a "catch all" deny permission rule at the end -of your mermission ruleset. +When a new redirection is requested, permission rules are evaluated in +top-down order and the first permission rule matched gives the response : +redirection allowed or denied. If no rule is matching, the redirection is +allowed, so it is a good practice to have a "catch all" deny permission +rule at the end of your permission ruleset. Sample permission ruleset : allow 4662-4672 192.168.1.34/32 4662-4672 deny 0-65535 192.168.1.34/32 0-65535 @@ -147,8 +149,8 @@ More simple, use the genuuid makefile target : > make genuuid or > make -f Makefile.linux genuuid -This target is needed by the "install" target, so it should be done -automatically. +This target is needed by the "install" target, so it is done automatically +during install. To stop the daemon use : # kill `cat /var/run/miniupnpd.pid`