STOP=15
USE_PROCD=1
PROG=/usr/sbin/miniupnpd
+[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
upnpd_get_port_range() {
local var="$1"; shift
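Review bot: The backend test on the new `FW=` line keys on the `nft` binary rather than on `fw4` itself, so if nftables can be installed alongside fw3 the script would select `fw4` on a system that has no such front end. In that case the two `$FW -q zone` lookups further down fail with their errors discarded, and stop_service takes the nft branch and never flushes the iptables MINIUPNPD chains, leaving earlier port mappings in place after the daemon stops. Testing for the firewall front end directly avoids this, and an `if` avoids the `A && B || C` form: `if command -v fw4 >/dev/null; then FW=fw4; else FW=fw3; fi`.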
local upload download log_output port config_file serial_number model_number
local use_stun stun_host stun_port uuid notify_interval presentation_url
local upnp_lease_file clean_ruleset_threshold clean_ruleset_interval
+ local ipv6_disable
local enabled
config_get_bool enabled config enabled 1
config_get upnp_lease_file config upnp_lease_file
config_get clean_ruleset_threshold config clean_ruleset_threshold
config_get clean_ruleset_interval config clean_ruleset_interval
+ config_get ipv6_disable config ipv6_disable 0
local conf ifname ifname6
network_get_device ifname "$external_iface"
else
if [ -n "$external_zone" ] ; then
- ifname=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+ ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
else
network_find_wan external_iface && \
network_get_device ifname "$external_iface"
network_get_device ifname6 "$external_iface6"
else
if [ -n "$external_zone" ] ; then
- ifname6=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+ ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
else
network_find_wan6 external_iface6 && \
network_get_device ifname6 "$external_iface6"
for iface in ${internal_iface:-lan}; do
local device
network_get_device device "$iface" && echo "listening_ip=$device"
- network_get_device device "$iface" && echo "ipv6_listening_ip=$device"
done
config_load "upnpd"
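Review bot: Removing the `ipv6_listening_ip=$device` line means the generated config no longer names the interface for the IPv6 listener, and nothing in this hunk says what miniupnpd does instead. If it reuses `listening_ip` the change is harmless, but if it falls back to listening on every interface the daemon could become reachable over IPv6 from the external side, so the fallback should be confirmed before merging. A comment in the loop would record the reason, for example `# ipv6_listening_ip intentionally omitted: <reason>`. The enclosing function begins before this hunk.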
upnpd_write_bool system_uptime 1
upnpd_write_bool igdv1 0 force_igd_desc_v1
upnpd_write_bool use_stun 0 ext_perform_stun
+ upnpd_write_bool ipv6_disable $ipv6_disable
[ "$use_stun" -eq 0 ] || {
[ -n "$stun_host" ] && echo "ext_stun_host=$stun_host"
config_foreach conf_rule_add perm_rule
+ if [ "$FW" = "fw4" ]; then
+ #When using nftables configure miniupnpd to use its own table and chains
+ echo "upnp_table_name=fw4"
+ echo "upnp_nat_table_name=fw4"
+ echo "upnp_forward_chain=upnp_forward"
+ echo "upnp_nat_chain=upnp_prerouting"
+ echo "upnp_nat_postrouting_chain=upnp_postrouting"
+ fi
+
} > "$tmpconf"
fi
if [ -n "$ifname" ]; then
# start firewall
- iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+ if [ "$FW" = "fw4" ]; then
+ nft -s -t -n list chain inet fw4 upnp_forward >/dev/null 2>&1 || fw4 reload
+ else
+ iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+ fi
else
logger -t "upnp daemon" "external interface not found, not starting"
fi
procd_open_instance
+ procd_set_param file "$conf" "/etc/config/firewall"
procd_set_param command "$PROG"
procd_append_param command -f "$conf"
[ "$log_output" = "1" ] && procd_append_param command -d
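Review bot: The start-up check probes only `upnp_forward` and does not re-check after `fw4 reload`, so miniupnpd is started even when the chains named in the generated config (`upnp_forward`, `upnp_prerouting`, `upnp_postrouting`) are still absent from table `inet fw4`. Where those chains are created is not visible in this hunk, which starts inside a function defined above; if that nftables include is missing, the daemon would presumably run without being able to install mappings, and nothing is logged. Re-testing after the reload and logging the failure would make that visible, e.g. `nft -s -t -n list chain inet fw4 upnp_forward >/dev/null 2>&1 || logger -t "upnp daemon" "fw4 upnp chains missing after reload"`. The comment above the `upnp_table_name=fw4` line also says miniupnpd uses its own table, while the value written is the shared `fw4` table; `# With nftables, use dedicated upnp_* chains inside the fw4 table` matches the code.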
}
stop_service() {
- iptables -t nat -F MINIUPNPD 2>/dev/null
- iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
- iptables -t filter -F MINIUPNPD 2>/dev/null
-
- [ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+ if [ "$FW" = "fw3" ]; then
+ iptables -t nat -F MINIUPNPD 2>/dev/null
+ iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
+ iptables -t filter -F MINIUPNPD 2>/dev/null
+ [ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+ else
+ nft flush chain inet fw4 upnp_forward 2>/dev/null
+ nft flush chain inet fw4 upnp_prerouting 2>/dev/null
+ nft flush chain inet fw4 upnp_postrouting 2>/dev/null
+ fi
}
start_service() {