miniupnpd: Added chain rule to filter table so udp stun incoming connections rules...

author Marco Martins <marcomartins86@gmail.com>

Thu, 19 Nov 2020 21:53:31 +0000 (21:53 +0000)

committer Rosen Penev <rosenp@gmail.com>

Mon, 30 Nov 2020 01:26:32 +0000 (17:26 -0800)
author Marco Martins <marcomartins86@gmail.com>
Thu, 19 Nov 2020 21:53:31 +0000 (21:53 +0000)
committer Rosen Penev <rosenp@gmail.com>
Mon, 30 Nov 2020 01:26:32 +0000 (17:26 -0800)
diff --git a/net/miniupnpd/files/firewall.include b/net/miniupnpd/files/firewall.include

index 97908af22cdf4e5b62ad7815efd3236d1970372d..911e0675c0c865fa77276db8a6c067ccb689d598 100644 (file)
--- a/net/miniupnpd/files/firewall.include
+++ b/net/miniupnpd/files/firewall.include
@@ -31,13 +31,15 @@ add_extzone_rules() {
      [ -z "$ext_zone" ] && return
  
      # IPv4 - due to NAT, need to add both to nat and filter table
-    # need to insert as penultimate rule for forward & postrouting since final rule might be a fw3 REJECT
+    # need to insert as penultimate rule for input & forward & postrouting since final rule might be a fw3 REJECT
+    iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_input" MINIUPNPD
      iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
      $IPTABLES -t nat -A "zone_${ext_zone}_prerouting"  -j MINIUPNPD
      iptables_prepend_rule "$IPTABLES" nat "zone_${ext_zone}_postrouting" MINIUPNPD-POSTROUTING
  
      # IPv6 if available - filter only
      [ -x $IP6TABLES ] && {
+       iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_input" MINIUPNPD
         iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
      }
      ADDED=$(($ADDED + 1))
author	Marco Martins <marcomartins86@gmail.com>
	Thu, 19 Nov 2020 21:53:31 +0000 (21:53 +0000)
committer	Rosen Penev <rosenp@gmail.com>
	Mon, 30 Nov 2020 01:26:32 +0000 (17:26 -0800)