To hardcode table and chain creation and deletion makes it impossible
for existing firewall infrastructures to integrate miniupnpd.
NFTables will either reevaluate packets through miniupnpd or
it will delete existing tables when there are already custom chains in it.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
Right now the table names are hardcoded and do not integrate with an overall
firewall strategy.
NFTables has restrictions on how packets are evaluated against chains.
For example, if multiple forward chains are evaluated with different priority,
all packets that pass the first one will be reevaluated again in the second chain.
To have an overall firewall concept with miniupnpd it is necessary to use existing
tables and hence to configure them in miniupnpd.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
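The chain evaluation issue described in the commit message above, shown as an added example ruleset (not part of the commit and not miniupnpd's own configuration). All table, chain and interface names are constructed placeholders; layout A and layout B are alternatives, not meant to be loaded together.

```nftables
# Constructed example; every name below is a placeholder.

# Layout A: UPnP rules in their own table with their own base chain.
table inet fw_a {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "lan0" oifname "wan0" accept
    }
}
table inet upnp_a {
    chain forward {
        # Second base chain on the same hook, evaluated after fw_a/forward.
        # An "accept" in fw_a/forward only ends that chain, so every packet
        # it accepted is evaluated again here. A "drop" in either chain is
        # final, so a mapping accepted here cannot override a drop in fw_a.
        type filter hook forward priority 10; policy accept;
        # dynamically added port-mapping rules would go here
    }
}

# Layout B: UPnP rules in a regular chain inside the existing table.
table inet fw_b {
    chain upnp_forward {
        # Regular chain: no hook, so it is reached only through the jump
        # below and only for the traffic the main chain sends to it.
        # dynamically added port-mapping rules would go here
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "lan0" oifname "wan0" accept
        # WAN-side traffic is checked against the port mappings exactly once,
        # at the point the firewall policy chooses.
        iifname "wan0" jump upnp_forward
    }
}
```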
The OpenWrt Makefile that builds miniupnpd passes the firewall argument
to the configure script, so this is not needed and it is blocking us
from using nftables instead, which will be the default backend for
firewall4 to be used in the next OpenWrt stable release.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Fix missing references to $(BUILD) in the install rules, as well
as incorrect shared library symlink name. Otherwise, the 'install'
phase fails either being unable to find files:
make: *** No rule to make target 'miniupnpc.pc', needed by 'install'. Stop.
or trying to create the symlink in the wrong subdirectory:
ln: failed to create symbolic link '/tmp/z/usr/lib/build/libminiupnpc.so': No such file or directory
There is a missing corner case check when these functions return failure.
Network in this case does not work, so disable port forwarding to prevent
returning incorrect response about port forwarding state.
Also explicitly set disable_port_forwarding to 0 on success to make code
more readable.