From 6dca756c0656c0b9a59153fa713d8c21f1079f4b Mon Sep 17 00:00:00 2001
From: Markus Stenberg <markus.stenberg@iki.fi>
Date: Thu, 26 Jun 2014 23:17:54 +0300
Subject: [PATCH] minimalist-pcproxy/miniupnpd: added+using
 upnp.config.external_zone.

---
 .../files/minimalist-pcproxy.defaults           |  1 +
 miniupnpd/files/firewall.include                |  8 +++++++-
 miniupnpd/files/miniupnpd.hotplug               |  4 ++++
 miniupnpd/files/miniupnpd.init                  | 17 +++++++++++++----
 4 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/minimalist-pcproxy/files/minimalist-pcproxy.defaults b/minimalist-pcproxy/files/minimalist-pcproxy.defaults
index 4e041e5..a29d7b3 100644
--- a/minimalist-pcproxy/files/minimalist-pcproxy.defaults
+++ b/minimalist-pcproxy/files/minimalist-pcproxy.defaults
@@ -10,6 +10,7 @@ set upnpd.config.enable_upnp=0
 set upnpd.config.pcp_allow_thirdparty=1
 set upnpd.config.internal_iface=loopback
 set upnpd.config.ipv6_listening_ip=::1
+set upnpd.config.external_zone=wan
 set upnpd.config._pcproxy_configured=1
 commit upnpd
 EOF
diff --git a/miniupnpd/files/firewall.include b/miniupnpd/files/firewall.include
index 9a42e06..818af9d 100644
--- a/miniupnpd/files/firewall.include
+++ b/miniupnpd/files/firewall.include
@@ -34,11 +34,17 @@ for ext_iface in $(uci -q get upnpd.config.external_iface); do
     add_extzone_rules $(fw3 -q network "$ext_iface")
 done
 
+add_extzone_rules $(uci -q get upnpd.config.external_zone)
+
 [ ! $ADDED = 0 ] && exit 0
 
-# If it's not available, resort to network_find_wan{,6} and
+
+# If really nothing is available, resort to network_find_wan{,6} and
 # assume external interfaces all have same firewall zone.
 
+# (This heuristic may fail horribly, in case of e.g. multihoming, so
+# please set external_zone in that case!)
+
 network_find_wan wan_iface
 network_find_wan6 wan6_iface
 
diff --git a/miniupnpd/files/miniupnpd.hotplug b/miniupnpd/files/miniupnpd.hotplug
index c380538..09a4913 100644
--- a/miniupnpd/files/miniupnpd.hotplug
+++ b/miniupnpd/files/miniupnpd.hotplug
@@ -31,3 +31,7 @@ for iface in $ext_iface $ext_iface6 $(uci_get upnpd config internal_iface; uci_g
     network_get_device device $iface
     [ "$DEVICE" = "$device" ] && /etc/init.d/miniupnpd restart && exit 0
 done
+
+for device in $(fw3 -q zone `uci_get upnpd config external_zone`); do
+    [ "$DEVICE" = "$device" ] && /etc/init.d/miniupnpd restart && exit 0
+done
diff --git a/miniupnpd/files/miniupnpd.init b/miniupnpd/files/miniupnpd.init
index a109244..68ec211 100644
--- a/miniupnpd/files/miniupnpd.init
+++ b/miniupnpd/files/miniupnpd.init
@@ -70,6 +70,7 @@ start() {
         local ipv6_listening_ip
 
 	config_get extiface config external_iface
+	config_get extzone config external_zone
 	config_get intiface config internal_iface
 	config_get extip config external_ip
 	config_get port config port 5000
@@ -93,10 +94,18 @@ start() {
 
 	local ifname
 
-        [ -n "$extiface" ] || network_find_wan extiface
-        [ -n "$extiface" ] || network_find_wan6 extiface
-
-	network_get_device ifname ${extiface}
+        # manual external interface overrides everything
+        if [ -z "$extiface" ] ; then
+            # manual external zone (if dynamically find interfaces
+            # belonging to it) overrides network_find_wan*
+            if [ -n "$extzone" ] ; then
+                ifname=$(fw3 -q zone $extzone | head -1)
+            fi
+            [ -n "$extiface" ] || network_find_wan extiface
+            [ -n "$extiface" ] || network_find_wan6 extiface
+        fi
+
+	[ -n "$ifname"] || network_get_device ifname ${extiface}
 
 	if [ -n "$conffile" ]; then
 		args="-f $conffile"
-- 
2.30.2