STOP=15
USE_PROCD=1
PROG=/usr/sbin/miniupnpd
+[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
upnpd_get_port_range() {
local var="$1"; shift
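Review bot: The added `FW` probe treats the presence of an `nft` binary as proof that fw4 is the active firewall, but the nftables tools can be installed on a system that still runs fw3. In that case the later hunks would call `$FW -q zone` and `fw4 reload` against a front end that is not there. `stop_service` would also skip the `iptables -F MINIUPNPD` flushes, so port mappings opened by the daemon could remain after it stops. Probing for the firewall front end itself is more reliable, and an explicit `if` avoids the `A && B || C` idiom: `if command -v fw4 >/dev/null 2>&1; then FW="fw4"; else FW="fw3"; fi`.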
local use_stun stun_host stun_port uuid notify_interval presentation_url
local upnp_lease_file clean_ruleset_threshold clean_ruleset_interval
local ipv6_disable
- local ext_ip_reserved_ignore
local enabled
config_get_bool enabled config enabled 1
config_get clean_ruleset_threshold config clean_ruleset_threshold
config_get clean_ruleset_interval config clean_ruleset_interval
config_get ipv6_disable config ipv6_disable 0
- config_get ext_ip_reserved_ignore config ext_ip_reserved_ignore 0
local conf ifname ifname6
network_get_device ifname "$external_iface"
else
if [ -n "$external_zone" ] ; then
- ifname=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+ ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
else
network_find_wan external_iface && \
network_get_device ifname "$external_iface"
network_get_device ifname6 "$external_iface6"
else
if [ -n "$external_zone" ] ; then
- ifname6=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+ ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
else
network_find_wan6 external_iface6 && \
network_get_device ifname6 "$external_iface6"
upnpd_write_bool igdv1 0 force_igd_desc_v1
upnpd_write_bool use_stun 0 ext_perform_stun
upnpd_write_bool ipv6_disable $ipv6_disable
- upnpd_write_bool ext_ip_reserved_ignore $ext_ip_reserved_ignore
[ "$use_stun" -eq 0 ] || {
[ -n "$stun_host" ] && echo "ext_stun_host=$stun_host"
config_foreach conf_rule_add perm_rule
+ if [ "$FW" = "fw4" ]; then
+ #When using nftables configure miniupnpd to use its own table and chains
+ echo "upnp_table_name=fw4"
+ echo "upnp_nat_table_name=fw4"
+ echo "upnp_forward_chain=upnp_forward"
+ echo "upnp_nat_chain=upnp_prerouting"
+ echo "upnp_nat_postrouting_chain=upnp_postrouting"
+ fi
+
} > "$tmpconf"
fi
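Review bot: The comment on the new `fw4` block says miniupnpd gets "its own table and chains", but the emitted `upnp_table_name=fw4` and `upnp_nat_table_name=fw4` point it at fw4's table; only the chains are dedicated. Because the daemon then writes its rules into the main firewall table, the comment should say so and state the precondition, for example `# nftables: use dedicated upnp_* chains inside the fw4 table; the chains must already exist there`. Where those chains are created is not visible in this hunk, so that precondition is worth confirming before merging.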
if [ -n "$ifname" ]; then
# start firewall
- iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+ if [ "$FW" = "fw4" ]; then
+ nft -s -t -n list chain inet fw4 upnp_forward >/dev/null 2>&1 || fw4 reload
+ else
+ iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+ fi
else
logger -t "upnp daemon" "external interface not found, not starting"
fi
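Review bot: The fw4 branch probes only `upnp_forward` before deciding whether to reload, although the generated config also depends on `upnp_prerouting` and `upnp_postrouting`, and the outcome of `fw4 reload` is never checked. If the reload fails or the chains are still missing, the code visible here appears to carry on and start the daemon anyway, and nothing is logged. Re-testing after the reload would surface that, for example `nft list chain inet fw4 upnp_forward >/dev/null 2>&1 || logger -t "upnp daemon" "upnp chains missing after fw4 reload"`. The enclosing function starts and ends outside this hunk.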
procd_open_instance
+ procd_set_param file "$conf" "/etc/config/firewall"
procd_set_param command "$PROG"
procd_append_param command -f "$conf"
[ "$log_output" = "1" ] && procd_append_param command -d
}
stop_service() {
- iptables -t nat -F MINIUPNPD 2>/dev/null
- iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
- iptables -t filter -F MINIUPNPD 2>/dev/null
-
- [ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+ if [ "$FW" = "fw3" ]; then
+ iptables -t nat -F MINIUPNPD 2>/dev/null
+ iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
+ iptables -t filter -F MINIUPNPD 2>/dev/null
+ [ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+ else
+ nft flush chain inet fw4 upnp_forward 2>/dev/null
+ nft flush chain inet fw4 upnp_prerouting 2>/dev/null
+ nft flush chain inet fw4 upnp_postrouting 2>/dev/null
+ fi
}
start_service() {
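Review bot: In `stop_service` every flush sends its errors to `/dev/null` and its exit status is ignored, so a failed `nft flush chain` leaves the daemon's port forwards in place with no trace in the log. Keeping the redirect but reporting the failure would make a stale mapping visible, for example `nft flush chain inet fw4 upnp_forward 2>/dev/null || logger -t "upnp daemon" "could not flush upnp_forward"`, and likewise for the other two chains. The three chain names are also repeated from the config block earlier in the script; holding them in shell variables next to `FW` would stop the two places drifting apart.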