Commit Graph

31 Commits

Author SHA1 Message Date
yangfl 2ff8cb17da miniupnpd: Add option to match rules with regex
Some reports that a certain app is abusing UPnP for exploiting upload
bandwidth. This commit adds support to restrict UPnP rules to a regex.
By matching requester's description string against rule's regex, this
will make some obstacles for that app.
2022-10-21 21:26:39 +02:00
Brian John 87776e8345 Split "NAT" and "TABLE" for consistency 2022-01-01 16:58:55 -06:00
Sven Auhagen 0b3f3e4029
NFTables make tables name configurable
Right now the table names are hardcoded and do not integrate with an overall
firewall strategy.
NFTables has restrictions on how packets are evaluated against chains.
For example if multiple forward chains are evaluated with different prioity,
all packets that pass the first one will be reevaluated again in the second chain.
To have an overall firewall concept with miniupnpd it is necessary to use existing
tables and hence to configure them in miniupnpd.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-11-27 21:49:21 +01:00
Thomas Bernard 23edb7e5eb options.c: 2021 2021-08-21 10:24:22 +02:00
Sven Auhagen 74dbad5ab0 IPv6 pinholes lease file
This patch adds a lease file for IPv6 pinholes.
The leases are maintained and readded when miniupnpd restarts.
Currently all IPv6 leases are lost on restart.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-08-18 11:06:12 +01:00
Thomas Bernard 7fcbcd35b9
fix commit 5567e7c7e0 2021-06-18 00:31:27 +02:00
Thomas Bernard 5567e7c7e0
miniupnpd: improves error handling during init.
- Fails on config parsing and init errors.
- print errors during init to both syslog and stderr.

fixes #551
2021-06-18 00:21:16 +02:00
Thomas Bernard a774830fe0
miniupnpd: Option to disable IPv6 at runtime : -4 / ipv6_disable=yes 2020-04-09 21:12:20 +02:00
Thomas Bernard a1ceec3dba
miniupnpd: Allow to use two different network interfaces for IPv4 and IPv6 internet
-i / -I
ext_ifname= / ext_ifname6=

see :
df906367be/
thanks to "sfstudio"
2019-05-21 10:42:40 +02:00
Thomas Bernard 6e5a88098d fix file headers (=>2018)
Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-07-06 14:16:49 +02:00
Pali Rohár 8c97654d70 miniupnpd: When enabled perform STUN to learn external IP address and NAT type
Also enable port forwarding when direct (non-NAT) connection or unrestricted NAT 1:1 (without any filtering) is detected.
2018-05-19 13:32:42 +02:00
Thomas Bernard 2b6fa0839f no more strlen(xxx) == 0.
Fixes #292
2018-04-20 17:19:52 +02:00
Nye Liu c6bf0ba6f3 Allow runtime override of igd to v1 for people running binaries with v2 enabled
Towards miniupnp/miniupnp#277
2018-02-19 22:14:05 -08:00
Thomas Bernard d3635faeed add upnp_nat_postrouting_chain .conf option
fixes #190

MINIUPNPD-PCP-PEER has also been renamed to MINIUPNPD-POSTROUTING
( 1ba4362910 )
2016-01-26 16:59:04 +01:00
Markus Stenberg c038146cee Added ipv6_listening_ip option to override it from in6addr_any.
This way IPv6 services can be selectively enabled on one IP too.
2014-05-20 15:55:35 +03:00
Markus Stenberg c8ec092693 Added pcp_ prefix to allow_thirdparty option (options parsing reserved allow for it's own use). 2014-05-15 12:04:03 +02:00
Markus Stenberg c801138c63 Added PCP third party option and made it's use an option. 2014-05-06 13:10:09 +02:00
Thomas Bernard 1ff20069a1 miniupnpd/options.c: fix potential end of array access 2014-04-20 18:10:44 +02:00
Thomas Bernard 415d14fbe9 miniupnpd/options.c: Add https_port= option
also add http_port= as a synonym to port=
2014-04-20 18:06:00 +02:00
Thomas Bernard f774a54bac remove C++ style comments 2013-12-13 17:01:41 +01:00
Thomas Bernard d19048ef9e miniupnpd: Make all manufacturer info configurable 2013-12-13 12:03:28 +01:00
Leo Moll d200fb748f Made all manufacturer related information configurable:
- manufacturer_name, default is "`uname -s`"
- manufacturer_url, default is URL of OS verndor
- model_name, default is "`uname -s` router"
- model_description, default is "`uname -s` router"
- model_url, default is URL of OS verndor
2013-10-20 23:02:19 +02:00
Peter Tatrai 9e1ffd5cd9 Add initial PCP support 2013-07-11 09:38:55 +02:00
Thomas Bernard 0df9f7f62a miniupnpd: added DISABLE_CONFIG_FILE in options.h to disable miniupnpd.conf parsing 2012-06-29 21:39:34 +02:00
Thomas Bernard e42dfd3284 Remove Warnings caused by signed/unsigned integer comparaisons 2012-05-01 11:52:21 +02:00
Shawn Landen 5c224accbf remove trailing whitespace from miniupnpd 2012-02-29 17:48:41 -08:00
Thomas Bernard 65e277883b options.c: Save a few bytes
Use a string repository, instead of a fixed size buffer for each option value.

Also check realloc() error
2012-02-05 01:31:27 +01:00
Thomas Bernard 4e79d6b983 Fixed a minor memory "leak"
The upnppermlist was not free'd before exiting...
2012-02-05 00:53:29 +01:00
Thomas Bernard a0a1e45ac5 Added friendl_name= option to config file 2012-02-05 00:24:13 +01:00
Thomas Bernard 874283b36f Anchor name (PF) is now configurable through the config file with anchor= 2012-02-03 13:14:10 +01:00
Thomas Bernard 0d96346588 Adding miniupnpd 2011-09-28 21:13:20 +02:00