IP Addresses and Names: miniupnpd: Added rule to allow high ports be default. This...

SVN-Revision: 26205

diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile
index c19342faca8230ccd63f9a25e45bdeed9e825a82..33143b505b707a97b8403c272c855e2c8ce8af97 100644 (file)
--- a/net/miniupnpd/Makefile
+++ b/net/miniupnpd/Makefile
@@ -51,7 +51,6 @@ define Package/miniupnpd/install
        $(INSTALL_DATA) ./files/miniupnpd.iface.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
        $(INSTALL_DATA) ./files/miniupnpd.firewall.hotplug $(1)/etc/hotplug.d/firewall/50-miniupnpd
        $(INSTALL_DIR) $(1)/usr/share/miniupnpd
-       $(INSTALL_DATA) ./files/upnpd.config.example $(1)/etc/config/upnpd.example
 endef
 
 $(eval $(call BuildPackage,miniupnpd))

diff --git a/net/miniupnpd/files/upnpd.config b/net/miniupnpd/files/upnpd.config
index e12f9a255a06b28c6574fa1374e15eff90ad3453..02b4b2abed7c69996df790b28c65e48b33963b95 100644 (file)
--- a/net/miniupnpd/files/upnpd.config
+++ b/net/miniupnpd/files/upnpd.config
@@ -8,9 +8,17 @@ config upnpd config
        option external_iface   wan
        option internal_iface   lan
        option port             5000
+       
+config perm_rule
+       option action           allow
+       option ext_ports        1024-65535
+       option int_addr         0.0.0.0/0       # Does not override secure_mode
+       option int_ports        1024-65535
+       option comment          "Allow high ports"
 
 config perm_rule
        option action           deny
        option ext_ports                0-65535
        option int_addr         0.0.0.0/0
        option int_ports                0-65535
+       option comment          "Default deny"

diff --git a/net/miniupnpd/files/upnpd.config.example b/net/miniupnpd/files/upnpd.config.example
deleted file mode 100644 (file)
index 5a632be..0000000
--- a/net/miniupnpd/files/upnpd.config.example
+++ /dev/null
@@ -1,45 +0,0 @@
-config upnpd config
-       option enable_natpmp    1
-       option enable_upnp      1
-       option secure_mode      1
-       option log_output       0
-       option download         1024
-       option upload           512
-       option external_iface   wan
-       option internal_iface   lan
-       option port             5000
-
-config perm_rule
-       option action           deny
-       option ext_ports                0-65535
-       option int_addr         0.0.0.0/0
-       option int_ports                0-65535
-
-# Allow rule
-# Allow incoming on a port in the range 1024 to 65535 to be redirected to
-# any 192.168.1.0/24 subnet host (depending on secure_mod) on a port in the
-# range 1024 to 65535
-# config perm_rule
-#      option action allow
-#      option ext_ports 1024-65535
-#      option int_addr 192.168.1.0/24
-#      option int_ports 1024-65535
-
-# Single port
-# Allow incoming on 12233 to be redirected to 192.168.1.24 on a port in the
-# range 12233 to 12345 (inclusive)
-# config perm_rule
-#      option action allow
-#      option ext_ports 12233
-#      option int_addr 192.168.1.24/24
-#      option int_ports 12233-12345
-#
-
-# Deny rule (recommended at end)
-# Deny any redirection that matchs:
-#  incoming on port 0-65535, redirected to any port numbered 0-65535 on any ip
-# config perm_rule
-#       option action deny
-#       option ext_ports 0-65535
-#       option int_addr 0.0.0.0/0
-#       option int_ports 0-65535