diff options
| author | Jo-Philipp Wich <jo@mein.io> | 2022-09-06 19:42:18 +0200 |
|---|---|---|
| committer | Jo-Philipp Wich <jo@mein.io> | 2022-09-06 20:28:11 +0200 |
| commit | f1c69d0e6cea3dc33e3cc86e22812afb8ecb1032 (patch) | |
| tree | de54766618ef41ed87d2539281ca79a9c87677b1 /net/miniupnpd/files/nftables.d/chain-post | |
| parent | 6dd38447d5a067637039f050b763826834e7a8a9 (diff) | |
miniupnpd: rework firewall4 integration
- Bump to the latest Git version in order to increase the package version
for simpler opkg upgrade of the broken version
- (Re-)Introduce PKG_RELEASE into the package, omitting it may lead to
opkg segmentation faults under certain circumstances
- Utilize automatic include hooks to drop the isolated miniupnpd table
in favor to chains within the main inet fw4 table, otherwise PCP is
unreliable as the upnp table might accept traffic which is later
rejected by fw4
- Install a fw4 script hook to restart miniupnpd on fw4 restarts and
reloads in order to repopulate the upnp chains with forward rules
- Register the used miniupnpd configuration file and the firewall uci
configuration as change sources, otherwise `/etc/init.d/miniupnpd reload`
has no effect if the firewall or upnpd config was changed
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'net/miniupnpd/files/nftables.d/chain-post')
3 files changed, 3 insertions, 0 deletions
diff --git a/net/miniupnpd/files/nftables.d/chain-post/dstnat/20-miniupnpd.nft b/net/miniupnpd/files/nftables.d/chain-post/dstnat/20-miniupnpd.nft new file mode 100644 index 000000000..2b3c627aa --- /dev/null +++ b/net/miniupnpd/files/nftables.d/chain-post/dstnat/20-miniupnpd.nft @@ -0,0 +1 @@ +jump upnp_prerouting comment "Hook into miniupnpd prerouting chain"; diff --git a/net/miniupnpd/files/nftables.d/chain-post/forward/20-miniupnpd.nft b/net/miniupnpd/files/nftables.d/chain-post/forward/20-miniupnpd.nft new file mode 100644 index 000000000..b8c29fb89 --- /dev/null +++ b/net/miniupnpd/files/nftables.d/chain-post/forward/20-miniupnpd.nft @@ -0,0 +1 @@ +jump upnp_forward comment "Hook into miniupnpd forwarding chain"; diff --git a/net/miniupnpd/files/nftables.d/chain-post/srcnat/20-miniupnpd.nft b/net/miniupnpd/files/nftables.d/chain-post/srcnat/20-miniupnpd.nft new file mode 100644 index 000000000..2d0051e20 --- /dev/null +++ b/net/miniupnpd/files/nftables.d/chain-post/srcnat/20-miniupnpd.nft @@ -0,0 +1 @@ +jump upnp_postrouting comment "Hook into miniupnpd postrouting chain"; |