diff --git a/miniupnpd/Makefile.linux b/miniupnpd/Makefile.linux index d5255c7..fc81883 100644 --- a/miniupnpd/Makefile.linux +++ b/miniupnpd/Makefile.linux @@ -21,6 +21,7 @@ # ./configure them and build them then miniupnpd will build using : # $ IPTABLESPATH=/path/to/iptables-1.4.1 make -f Makefile.linux # +CONFIG_OPTIONS += --firewall=iptables #CFLAGS = -O -g -DDEBUG CFLAGS ?= -Os CFLAGS += -fno-strict-aliasing @@ -193,6 +194,7 @@ EXECUTABLES = miniupnpd testupnpdescgen testgetifstats \ all: $(EXECUTABLES) clean: + $(RM) config.h $(RM) $(ALLOBJS) $(RM) $(EXECUTABLES) $(RM) testupnpdescgen.o testgetifstats.o diff --git a/miniupnpd/Makefile.linux_nft b/miniupnpd/Makefile.linux_nft index 861e777..45cd2ed 100644 --- a/miniupnpd/Makefile.linux_nft +++ b/miniupnpd/Makefile.linux_nft @@ -16,6 +16,7 @@ # (default INSTALLPREFIX is /usr) # # +CONFIG_OPTIONS += --firewall=nftables CFLAGS = -O -g #-DDEBUG CFLAGS ?= -Os CFLAGS += -fno-strict-aliasing @@ -108,6 +109,7 @@ EXECUTABLES = miniupnpd miniupnpdctl \ all: $(EXECUTABLES) clean: + $(RM) config.h $(RM) $(ALLOBJS) $(RM) $(EXECUTABLES) $(RM) testupnpdescgen.o testgetifstats.o diff --git a/miniupnpd/genconfig.sh b/miniupnpd/genconfig.sh index be7d788..3e1e07c 100755 --- a/miniupnpd/genconfig.sh +++ b/miniupnpd/genconfig.sh @@ -32,6 +32,8 @@ case "$argv" in exit 1 fi ;; --disable-pppconn) DISABLEPPPCONN=1 ;; + --firewall=*) + FW=$(echo $argv | cut -d= -f2) ;; --help|-h) echo "Usage : $0 [options]" echo " --ipv6 enable IPv6" @@ -43,6 +45,7 @@ case "$argv" in echo " --portinuse enable port in use check" echo " --uda-version=x.x set advertised UPnP version (default to ${UPNP_VERSION_MAJOR}.${UPNP_VERSION_MINOR})" echo " --disable-pppconn disable WANPPPConnection" + echo " --firewall= force the firewall type (only for linux)" exit 1 ;; *) @@ -316,11 +319,14 @@ case $OS_NAME in esac fi echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE} - # Would be better to check for actual presence of nftable rules, but that requires root privileges - if [ -x "$(command -v nft)" ]; then - FW=nftables - else - FW=iptables + if [ -z ${FW} ]; then + # test the current environment to determine which to use + # Would be better to check for actual presence of nftable rules, but that requires root privileges + if [ -x "$(command -v nft)" ]; then + FW=nftables + else + FW=iptables + fi fi V6SOCKETS_ARE_V6ONLY=`/sbin/sysctl -n net.ipv6.bindv6only` ;;