-
Notifications
You must be signed in to change notification settings - Fork 3.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
miniupnpd: Better document and reformat default
upnpd UCI config file
and add (template) ACL entry for low ports (<1024) denied by default, current behaviour Signed-off-by: Self Hosting Group <[email protected]>
- Loading branch information
1 parent
8501624
commit 74d20e6
Showing
1 changed file
with
35 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,29 +1,39 @@ | ||
| config upnpd config | ||
| option enabled 0 | ||
| option enable_pcp_pmp 1 | ||
| option enable_upnp 1 | ||
| option allow_third_party_mapping 0 | ||
| option log_output 0 | ||
| # Default interface link speed | ||
| # option download_kbps | ||
| # option upload_kbps | ||
| #by default, looked up dynamically from ubus | ||
| # option external_iface wan | ||
| option internal_iface lan | ||
| option port 5000 | ||
| option upnp_lease_file /var/run/miniupnpd.leases | ||
| option upnp_igd_compat igdv1 | ||
| # UPnP IGD & PCP/NAT-PMP service configuration | ||
|
|
||
| config upnpd 'config' | ||
| option enabled 0 | ||
| option enable_upnp 1 | ||
| option enable_pcp_pmp 1 | ||
| option upnp_igd_compat igdv1 | ||
| option allow_third_party_mapping 0 | ||
| # Default interface link speed | ||
| #option download_kbps | ||
| #option upload_kbps | ||
| # Multiple LAN interfaces can be specified, separated by a space | ||
| option internal_iface 'lan' | ||
| # By default, looked up dynamically from ubus | ||
| #option external_iface wan | ||
| option upnp_lease_file /var/run/miniupnpd.leases | ||
|
|
||
| # Service access control list configuration, IPv6 always allowed | ||
|
|
||
| config perm_rule | ||
| option action allow | ||
| option ext_ports 1024-65535 | ||
| option int_addr 0.0.0.0/0 | ||
| option int_ports 1024-65535 | ||
| option comment 'Allow high ports' | ||
|
|
||
| config perm_rule | ||
| option action allow | ||
| option ext_ports 1024-65535 | ||
| option int_addr 0.0.0.0/0 # Does not override secure_mode | ||
| option int_ports 1024-65535 | ||
| option comment "Allow high ports" | ||
| option action deny | ||
| option ext_ports 1-1023 | ||
| option int_addr 0.0.0.0/0 | ||
| option int_ports 1-1023 | ||
| option comment 'Low ports' | ||
|
|
||
| config perm_rule | ||
| option action deny | ||
| option ext_ports 0-65535 | ||
| option int_addr 0.0.0.0/0 | ||
| option int_ports 0-65535 | ||
| option comment "Default deny" | ||
| option action deny | ||
| option ext_ports 1-65535 | ||
| option int_addr 0.0.0.0/0 | ||
| option int_ports 1-65535 | ||
| option comment 'Deny by default' |