miniupnpd/miniupnpd.conf: add comments regarding security
comment out values, to force people to configure them themselves
parent
17dabcc708
commit
82604ec5d0
|
@ -1,5 +1,5 @@
|
|||
# WAN network interface
|
||||
ext_ifname=eth1
|
||||
#ext_ifname=eth1
|
||||
#ext_ifname=xl1
|
||||
# if the WAN interface has several IP addresses, you
|
||||
# can specify the one to use below
|
||||
|
@ -15,10 +15,14 @@ ext_ifname=eth1
|
|||
# address associated with the subnet follows. for example :
|
||||
# listening_ip=192.168.0.1/24 88.22.44.13
|
||||
#listening_ip=192.168.0.1/24
|
||||
listening_ip=192.168.10.109/24
|
||||
#listening_ip=10.5.0.0/16
|
||||
#listening_ip=eth0
|
||||
# CAUTION: mixing up WAN and LAN interfaces may introduce security risks!
|
||||
# be sure to assign the correct interfaces to LAN and WAN and consider
|
||||
# implementing UPnP permission rules at the bottom of this configuration file
|
||||
|
||||
# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
|
||||
http_port=0
|
||||
#http_port=0
|
||||
# port for HTTPS. set to 0 for autoselect (default)
|
||||
#https_port=0
|
||||
|
||||
|
@ -28,15 +32,16 @@ http_port=0
|
|||
#minissdpdsocket=/var/run/minissdpd.sock
|
||||
|
||||
# enable NAT-PMP support (default is no)
|
||||
enable_natpmp=yes
|
||||
#enable_natpmp=yes
|
||||
|
||||
# enable UPNP support (default is yes)
|
||||
enable_upnp=yes
|
||||
#enable_upnp=no
|
||||
|
||||
# PCP :
|
||||
# configure minimal and maximal lifetime of the port mapping in seconds
|
||||
# 120s and 86400s (24h) are suggested values from PCP-base
|
||||
min_lifetime=120
|
||||
max_lifetime=86400
|
||||
#min_lifetime=120
|
||||
#max_lifetime=86400
|
||||
|
||||
# chain names for netfilter (not used for pf or ipf).
|
||||
# default is MINIUPNPD for both
|
||||
|
@ -68,8 +73,9 @@ max_lifetime=86400
|
|||
#model_url=http://miniupnp.free.fr/
|
||||
|
||||
# bitrates reported by daemon in bits per second
|
||||
bitrate_up=1000000
|
||||
bitrate_down=10000000
|
||||
# by default miniupnpd tries to get WAN interface speed
|
||||
#bitrate_up=1000000
|
||||
#bitrate_down=10000000
|
||||
|
||||
# "secure" mode : when enabled, UPnP client are allowed to add mappings only
|
||||
# to their IP.
|
||||
|
@ -116,12 +122,12 @@ clean_ruleset_interval=600
|
|||
#quickrules=no
|
||||
|
||||
# uuid : generate your own with "make genuuid"
|
||||
uuid=3d3cec3a-8cf0-11e0-98ee-001a6bd2d07b
|
||||
uuid=00000000-0000-0000-0000-000000000000
|
||||
|
||||
# serial and model number the daemon will report to clients
|
||||
# in its XML description
|
||||
serial=12345678
|
||||
model_number=1
|
||||
#serial=12345678
|
||||
#model_number=1
|
||||
|
||||
# UPnP permission rules
|
||||
# (allow|deny) (external port range) ip/mask (internal port range)
|
||||
|
@ -130,6 +136,11 @@ model_number=1
|
|||
# ip/mask format must be nn.nn.nn.nn/nn
|
||||
# it is advised to only allow redirection of port above 1024
|
||||
# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
|
||||
# The following default ruleset allows specific LAN side IP addresses
|
||||
# to request only ephemeral ports. it is recommended that users
|
||||
# modify the IP ranges to match their own internal networks, and
|
||||
# also consider implementing network-specific restrictions
|
||||
# CAUTION: failure to enforce any rules may permit insecure requests to be made!
|
||||
allow 1024-65535 192.168.0.0/24 1024-65535
|
||||
allow 1024-65535 192.168.1.0/24 1024-65535
|
||||
allow 1024-65535 192.168.0.0/23 22
|
||||
|
|
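Review bot: The comment added above the permission rules in the last hunk says the default ruleset lets LAN addresses request only ephemeral ports, but the unchanged third rule, `allow 1024-65535 192.168.0.0/23 22`, lets any client in that /23 redirect an external port to internal port 22. The first two rules also cover the whole 1024-65535 range, which is the unprivileged range rather than an ephemeral one. Since the commit comments out the other values so that users configure them, I would do the same to the three `allow` lines, or reword the comment to say what they permit, for example `# example rules: hosts in 192.168.0.0/23 may map external ports 1024-65535 to internal ports 1024-65535 and to port 22 (SSH)`. The closing `deny 0-65535 0.0.0.0/0 0-65535` rule that the file advises is not visible in this hunk, so confirm it still follows the allow lines.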