miniupnpd: Various IPv6 related fixes to scripts (IPv6-only, multi-uplink, ..)
[feed/routing.git] / miniupnpd / files / firewall.include
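#!/bin/sh
# miniupnpd integration for firewall3
#
# Creates the MINIUPNPD chains and hooks them into the firewall3
# delegate_* chains, so that whatever rules end up in MINIUPNPD are
# evaluated for forwarded traffic (and, for IPv4, in nat prerouting).
#
# Note: The correct way to do this would probably be to use
# /lib/functions/network.sh with network_find_wan{,6} and
# network_get_device, then determine their zones using fw3 -q network
# etc. However, network_find_wan* return only one device, and
# frequently the incorrect one if multiple ISPs are in use. So this
# current ugly solution works, although it perhaps makes holes where it
# shouldn't (if so, do override it in e.g. firewall.user).
#
# Security note: the jumps below carry no interface or zone match, so
# every rule in MINIUPNPD is consulted for traffic arriving on any
# interface, not only on the WAN uplink(s). For IPv6 there is no NAT,
# so an accept rule in this chain exposes the internal host directly.
# Review who is allowed to request mappings in the miniupnpd
# configuration, and narrow the jumps in firewall.user if this is too
# broad for the deployment.

IP6TABLES=/usr/sbin/ip6tables

# Create the chains. Errors are discarded, presumably because the chain
# may already exist when this include is run again; note that this also
# hides any other reason chain creation might fail.
iptables -t filter -N MINIUPNPD 2>/dev/null
iptables -t nat -N MINIUPNPD 2>/dev/null

# IPv4 - due to NAT, need to add both to nat and filter table
# NOTE(review): -I is not idempotent; this assumes firewall3 rebuilds
# the delegate_* chains before the include runs - confirm, otherwise
# repeated runs stack duplicate jumps.
iptables -t filter -I delegate_forward 2 -j MINIUPNPD
iptables -t nat -I delegate_prerouting 2 -j MINIUPNPD

# IPv6 if available - filter only.
# Written as if/fi rather than "[ -x ... ] && { ... }" so that a system
# without ip6tables does not make the script end with a non-zero status
# when nothing actually failed; a failing ip6tables call still
# propagates as the exit status.
if [ -x "$IP6TABLES" ]; then
	"$IP6TABLES" -t filter -N MINIUPNPD 2>/dev/null
	"$IP6TABLES" -t filter -I delegate_forward 2 -j MINIUPNPD
fi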