Public bug reported:

Version: 1.7-3

Hardcoded chain names in the init file are not very helpful as they are
hard to integrate with other software. E.g. shorewall needs

upnp_forward_chain=forwardUPnP
upnp_nat_chain=UPnP

There also should be a way to disable the iptables code in the init file
altogether.

Also, using IP addresses (EXTIP) in the rules doesn't seem very useful
for people whose external IP address changes every 24 hours (e.g. most
German DSL users).

And a minor issue: configure says " The MiniUPnP daemon will listen on a
specific interface for requests on your local network. This interface
shouldn't be accessible from the public network."  but you actually mean
the external interface name here.


In summary, I suggest:

* The chain names used in the init script should be read from that
/etc/miniupnpd/miniupnpd.conf (upnp_forward_chain and upnp_nat_chain)

* The config process should write the external interface name
(ext_ifname) and the internal listening ip (listening_ip) to
/etc/miniupnpd/miniupnpd.conf.  The init script should use the value
from that file.

* "-i ${MiniUPnPd_EXTERNAL_INTERFACE} -o ${EXTIP} -a
${MiniUPnPd_LISTENING_IP}" needs to go away.  Let the daemon use the
values from /etc/miniupnpd/miniupnd.conf instead.

* The iptables rules in /etc/init.d/miniupnpd should not use an external
IP address, only an interface name (ext_ifname)

* /etc/default/minupnpd should get an option to completely disable
iptables code in /etc/init.d/miniupnpd

* The allow rule in /etc/default/miniupnpd.conf must be set through a
config question, the hardcoded "192.168.0.0/16" isn't good enough

** Affects: miniupnpd (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1045061

Title:
  Hardcoded chain names and rules need to go away
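
One way the init script could follow these suggestions, as an added example that is not part of the bug report or of the miniupnpd package: it reads ext_ifname, upnp_forward_chain and upnp_nat_chain from the config file, matches on the interface only, and only prints the resulting rules. The function names, the yes/no toggle and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the package's init script: print (dry run) iptables rules
# derived from miniupnpd.conf. Function names and the toggle are hypothetical.

# conf_get FILE KEY: print the last value assigned to KEY, ignoring comments.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# valid_name VALUE: accept only plain chain/interface names, so a config value
# can never smuggle extra options or shell syntax into an iptables call.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# gen_rules FILE [yes|no]: second argument stands in for a hypothetical
# /etc/default toggle; "no" leaves the firewall to other software.
gen_rules() {
    conf=$1
    enable=${2:-yes}
    [ "$enable" = "yes" ] || return 0

    ext_if=$(conf_get "$conf" ext_ifname)
    fwd=$(conf_get "$conf" upnp_forward_chain)
    nat=$(conf_get "$conf" upnp_nat_chain)
    for v in "$ext_if" "$fwd" "$nat"; do
        valid_name "$v" || { echo "missing or invalid value in $conf: '$v'" >&2; return 1; }
    done

    # Interface match only: no external IP, so a changing address needs no rule update.
    echo "iptables -t nat -N $nat"
    echo "iptables -t nat -A PREROUTING -i $ext_if -j $nat"
    echo "iptables -t filter -N $fwd"
    echo "iptables -t filter -A FORWARD -i $ext_if ! -o $ext_if -j $fwd"
}

# Constructed sample configuration (not taken from a real system).
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# constructed sample
ext_ifname=ppp0
listening_ip=192.168.1.1
upnp_forward_chain=forwardUPnP
upnp_nat_chain=UPnP
EOF
gen_rules "$sample_conf" yes
rm -f "$sample_conf"
```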
