Public bug reported: Version: 1.7-3
Hardcoded chain names in the init file are not very helpful as they are hard to integrate with other software. E.g. shorewall needs upnp_forward_chain=forwardUPnP upnp_nat_chain=UPnP There also should be a way to disable the iptables code in the init file altogether. Also, using IP adresses (EXTIP) in the rules doesn't seem very useful for people who's external IP address changes every 24 hours (e.g. most German DSL users). And a minor issue: configure says " The MiniUPnP daemon will listen on a specific interface for requests on your local network. This interface shouldn't be accessible from the public network." but you actually mean the external interface name here. In summary, I suggest: * The chain names used in the init script should be read from that /etc/miniupnpd/miniupnpd.conf (upnp_forward_chain and upnp_nat_chain) * The config process should write the external interface name (ext_ifname) and the internal listening ip (listening_ip) to /etc/miniupnpd/miniupnpd.conf. The init script should use the value from that file. * "-i ${MiniUPnPd_EXTERNAL_INTERFACE} -o ${EXTIP} -a ${MiniUPnPd_LISTENING_IP}" needs to go away. Let the daemon use the values from /etc/miniupnpd/miniupnd.conf instead. * The iptables rules in /etc/init.d/miniupnpd should not use an external IP address, only an interface name (ext_ifname) * /etc/default/minupnpd should get an option to completly disable iptables code in /etc/init.d/miniupnpd * The allow rule in /etc/default/miniupnpd.conf must be set through a config question, the hardcoded "192.168.0.0/16" isn't good enough ** Affects: miniupnpd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1045061 Title: Hardcoded chain names and rules need to go away To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/miniupnpd/+bug/1045061/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs