+++ /dev/null
-#!/bin/sh
-# miniupnpd integration for firewall3
-
-IP6TABLES=/usr/sbin/ip6tables
-
-iptables -t filter -N MINIUPNPD 2>/dev/null
-iptables -t nat -N MINIUPNPD 2>/dev/null
-iptables -t nat -N MINIUPNPD-POSTROUTING 2>/dev/null
-
-[ -x $IP6TABLES ] && $IP6TABLES -t filter -N MINIUPNPD 2>/dev/null
-
-. /lib/functions/network.sh
-
-ADDED=0
-
-add_extzone_rules() {
- local ext_zone=$1
-
- [ -z "$ext_zone" ] && return
-
- # IPv4 - due to NAT, need to add both to nat and filter table
- iptables -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
- iptables -t nat -I zone_${ext_zone}_prerouting -j MINIUPNPD
- iptables -t nat -I zone_${ext_zone}_postrouting -j MINIUPNPD-POSTROUTING
-
- # IPv6 if available - filter only
- [ -x $IP6TABLES ] && {
- $IP6TABLES -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
- }
- ADDED=$(($ADDED + 1))
-}
-
-# By default, user configuration is king.
-
-for ext_iface in $(uci -q get upnpd.config.external_iface); do
- add_extzone_rules $(fw3 -q network "$ext_iface")
-done
-
-add_extzone_rules $(uci -q get upnpd.config.external_zone)
-
-[ ! $ADDED = 0 ] && exit 0
-
-
-# If really nothing is available, resort to network_find_wan{,6} and
-# assume external interfaces all have same firewall zone.
-
-# (This heuristic may fail horribly, in case of e.g. multihoming, so
-# please set external_zone in that case!)
-
-network_find_wan wan_iface
-network_find_wan6 wan6_iface
-
-for ext_iface in $wan_iface $wan6_iface; do
- # fw3 -q network fails on sub-interfaces => map to device first
- network_get_device ext_device $ext_iface
- add_extzone_rules $(fw3 -q device "$ext_device")
-done
projects / feed / routing.git / blobdiff