miniupnpd/INSTALL: update infos

rdr-anchor lines should be removed in OpenBSD since 4.7
rephrased a bit the part about permissions
This commit is contained in:
Thomas Bernard 2014-01-14 09:26:24 +01:00
parent 3997a2ebe7
commit 401c624bcf
1 changed files with 13 additions and 11 deletions

View File

@ -1,5 +1,5 @@
MiniUPnP project. MiniUPnP project.
(c) 2006-2013 Thomas Bernard (c) 2006-2014 Thomas Bernard
Homepage : http://miniupnp.free.fr/ Homepage : http://miniupnp.free.fr/
Mirror: http://miniupnp.tuxfamily.org/ Mirror: http://miniupnp.tuxfamily.org/
github: https://github.com/miniupnp/miniupnp github: https://github.com/miniupnp/miniupnp
@ -17,7 +17,9 @@ To Build and Install :
Alternatively to editing config.h, options can be passed to genconfig.sh Alternatively to editing config.h, options can be passed to genconfig.sh
For more details : For more details :
> ./genconfig.sh -h > ./genconfig.sh -h
- add "rdr-anchor miniupnpd" and "anchor miniupnpd" lines to /etc/pf.conf - add "rdr-anchor miniupnpd" or/and "anchor miniupnpd" lines to /etc/pf.conf
(Since OpenBSD 4.7, rdr-anchor lines are no longer used and should be
removed, leaving only the anchor lines).
- some FreeBSD users reported that it is also necessary for them - some FreeBSD users reported that it is also necessary for them
to explicitly allow udp traffic on 239.0.0.0/8 by adding the two following to explicitly allow udp traffic on 239.0.0.0/8 by adding the two following
lines to /etc/pf.conf : lines to /etc/pf.conf :
@ -26,7 +28,7 @@ To Build and Install :
- dont forget to " pfctl -f /etc/pf.conf " - dont forget to " pfctl -f /etc/pf.conf "
- you can check your modifications are taken into accout with - you can check your modifications are taken into accout with
"pfctl -s nat" and "pfctl -s rule". Look for the "rdr-anchor miniupnpd" "pfctl -s nat" and "pfctl -s rule". Look for the "rdr-anchor miniupnpd"
and "anchor miniupnpd" lines. (if applicable) and/or "anchor miniupnpd" lines.
- install as root using : - install as root using :
# make install # make install
or or
@ -53,7 +55,7 @@ http://blogs.sun.com/avalon/category/IPFilter
- To enable non standard compilation options, - To enable non standard compilation options,
> ./genconfig.sh -h > ./genconfig.sh -h
Or edit config.h after it has been generated by genconfig.sh Or edit config.h after it has been generated by genconfig.sh
- use 'bsdmake' or 'make -f Makefile.macosx' to build - use 'bsdmake' (if available) or 'make -f Makefile.macosx' to build
============================== Mac OS X/pf ================================ ============================== Mac OS X/pf ================================
@ -118,11 +120,11 @@ also available through command line switches.
Miniupnpd supports some kind of security check for allowing or disallowing Miniupnpd supports some kind of security check for allowing or disallowing
redirection to be made. The UPnP permission rules are read from the redirection to be made. The UPnP permission rules are read from the
miniupnpd.conf configuration file. miniupnpd.conf configuration file.
When a new redirection is asked, permission rules are evaluated in top-down When a new redirection is requested, permission rules are evaluated in
order and the first permission rule matched gives the answer : redirection top-down order and the first permission rule matched gives the response :
allowed or denied. If no rule is matching, the redirection is allowed, so redirection allowed or denied. If no rule is matching, the redirection is
it is a good practice to have a "catch all" deny permission rule at the end allowed, so it is a good practice to have a "catch all" deny permission
of your mermission ruleset. rule at the end of your permission ruleset.
Sample permission ruleset : Sample permission ruleset :
allow 4662-4672 192.168.1.34/32 4662-4672 allow 4662-4672 192.168.1.34/32 4662-4672
deny 0-65535 192.168.1.34/32 0-65535 deny 0-65535 192.168.1.34/32 0-65535
@ -147,8 +149,8 @@ More simple, use the genuuid makefile target :
> make genuuid > make genuuid
or or
> make -f Makefile.linux genuuid > make -f Makefile.linux genuuid
This target is needed by the "install" target, so it should be done This target is needed by the "install" target, so it is done automatically
automatically. during install.
To stop the daemon use : To stop the daemon use :
# kill `cat /var/run/miniupnpd.pid` # kill `cat /var/run/miniupnpd.pid`