[packages] miniupnpd:
authorJo-Philipp Wich <jow@openwrt.org>
Wed, 23 Sep 2009 00:48:24 +0000 (00:48 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Wed, 23 Sep 2009 00:48:24 +0000 (00:48 +0000)
- use firewall hotplug calls to configure rules
- properly clean and rebuild rules on restart
- cope with ifdown/ifup events on external iface (#4669)
- bump pkg revision

SVN-Revision: 17680

net/miniupnpd/Makefile
net/miniupnpd/files/miniupnpd.firewall [deleted file]
net/miniupnpd/files/miniupnpd.hotplug
net/miniupnpd/files/miniupnpd.init

index b550e0f9d41b274d898a0e5668d0ce7e793915f5..c06279ae370ddf9d0421e3903e4f505e03a32a4a 100644 (file)
@@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=miniupnpd
 PKG_VERSION:=1.3
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_MD5SUM:=b5e70e80dcf45b424b8fe3c966bdc613
 
 PKG_SOURCE_URL:=http://miniupnp.free.fr/files
@@ -36,12 +36,11 @@ define Build/Compile
 endef
 
 define Package/miniupnpd/install
-       $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/iface $(1)/lib/miniupnpd
-       $(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/bin/
+       $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/firewall
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/bin/miniupnpd
        $(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
        $(INSTALL_DATA) ./files/upnpd.config $(1)/etc/config/upnpd
-       $(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/20-miniupnpd
-       $(INSTALL_DATA) ./files/miniupnpd.firewall $(1)/lib/miniupnpd/firewall.sh
+       $(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/firewall/50-miniupnpd
 endef
 
 $(eval $(call BuildPackage,miniupnpd))
diff --git a/net/miniupnpd/files/miniupnpd.firewall b/net/miniupnpd/files/miniupnpd.firewall
deleted file mode 100644 (file)
index 4761a63..0000000
+++ /dev/null
@@ -1,65 +0,0 @@
-. /etc/functions.sh
-include /lib/network
-scan_interfaces
-
-upnp_ipt() {
-       iptables "$@" 2>/dev/null
-}
-
-upnp_firewall_addif() {
-       local extif
-       local extip
-       local iface
-
-       config_load upnpd
-       config_get iface config external_iface
-
-       [ -n "$INTERFACE" -a "$INTERFACE" != "$iface" ] && return
-
-       config_load network
-       config_get extip "${iface:-wan}" ipaddr
-       config_get extif "${iface:-wan}" ifname
-
-       logger -t "upnp firewall" "adding wan interface $extif($extip)"
-
-       upnp_ipt -t nat -N miniupnpd_${iface:-wan}_rule
-       upnp_ipt -t nat -A miniupnpd_${iface:-wan}_rule -i $extif -d $extip -j MINIUPNPD
-       upnp_ipt -t nat -A prerouting_rule -j miniupnpd_${iface:-wan}_rule
-
-       upnp_ipt -t filter -N miniupnpd_${iface:-wan}_rule
-       upnp_ipt -t filter -A miniupnpd_${iface:-wan}_rule -i $extif -o ! $extif -j MINIUPNPD
-       upnp_ipt -t filter -A forwarding_rule -j miniupnpd_${iface:-wan}_rule
-}
-
-upnp_firewall_delif() {
-       local iface
-
-       config_load upnpd
-       config_get iface config external_iface
-
-       [ -n "$INTERFACE" -a "$INTERFACE" != "$iface" ] && return
-
-       logger -t "upnp firewall" "removing wan interface"
-
-       upnp_ipt -t nat -D prerouting_rule -j miniupnpd_${iface:-wan}_rule
-       upnp_ipt -t nat -F miniupnpd_${iface:-wan}_rule
-       upnp_ipt -t nat -X miniupnpd_${iface:-wan}_rule
-
-       upnp_ipt -t filter -D forwarding_rule -j miniupnpd_${iface:-wan}_rule
-       upnp_ipt -t filter -F miniupnpd_${iface:-wan}_rule
-       upnp_ipt -t filter -X miniupnpd_${iface:-wan}_rule
-}
-
-upnp_firewall_start() {
-       upnp_ipt -t nat -N MINIUPNPD
-       upnp_ipt -t filter -N MINIUPNPD
-       upnp_firewall_addif
-}
-
-upnp_firewall_stop() {
-       upnp_firewall_delif
-       upnp_ipt -t nat -F MINIUPNPD
-       upnp_ipt -t nat -X MINIUPNPD
-       upnp_ipt -t filter -F MINIUPNPD
-       upnp_ipt -t filter -X MINIUPNPD
-}
index 2d4a4076e19c456d0f202f5228688fc1ee828191..dfd4e53e7ecd25a80540de31f157c1354a3da977 100644 (file)
@@ -1,18 +1,46 @@
 #!/bin/sh
 
 /etc/init.d/miniupnpd enabled && {
-       killall -0 miniupnpd 2>/dev/null && {
-               . /lib/miniupnpd/firewall.sh
 
-               [ "$ACTION" = "ifup" ] && {
-                       upnp_firewall_delif
-                       upnp_firewall_addif
+       local state="${ZONE}_${INTERFACE}"
+       local extif initifs
+
+       config_load upnpd
+       config_get extif config external_iface
+
+       if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "$extif" ]; then
+
+               local active
+               config_get active "$state" ifname
+
+               [ -z "$active" ] && {
+                       local ipaddr
+                       config_get ipaddr "$extif" ipaddr
+
+                       logger -t "upnp" "adding $INTERFACE ($DEVICE - $ipaddr) to firewall"
+
+                       iptables -t nat -N MINIUPNPD 2>/dev/null
+                       iptables -t nat -A prerouting_rule -i $DEVICE -d $ipaddr -j MINIUPNPD
+                       iptables -t filter -N MINIUPNPD 2>/dev/null
+                       iptables -t filter -A forwarding_rule -i $DEVICE ! -o $DEVICE -j MINIUPNPD
+
+                       uci_set_state upnpd "$state" "" "firewall"
+                       uci_set_state upnpd "$state" ifname "$DEVICE"
+                       uci_set_state upnpd "$state" ipaddr "$ipaddr"
                }
+       
+       elif [ "$ACTION" = "remove" ] && [ "$INTERFACE" = "$extif" ]; then
 
-               [ "$ACTION" = "ifdown" ] && {
-                       upnp_firewall_delif
+               local ifname ipaddr
+               config_get ifname "$state" ifname
+               config_get ipaddr "$state" ipaddr
+
+               [ -n "$ifname" ] && [ -n "$ipaddr" ] && {
+                       logger -t "upnp" "removing $INTERFACE ($ifname - $ipaddr) from firewall"
+                       iptables -t nat -D prerouting_rule -i $ifname -d $ipaddr -j MINIUPNPD
+                       iptables -t filter -D forwarding_rule -i $DEVICE ! -o $DEVICE -j MINIUPNPD
+                       uci_revert_state upnpd "$state"
                }
-       } || {
-               /etc/init.d/miniupnpd restart
-       }
+       fi
 }
+
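Review bot: In the `remove` branch the nat rule is deleted using the recorded `$ifname`, but the filter rule is deleted using `$DEVICE` from the event. If `DEVICE` is empty or differs from what was recorded at `add` time, the `forwarding_rule` jump to MINIUPNPD stays in place while `uci_revert_state` discards the only record of it. Use the stored value, as `clear_rule` in the init script does: `iptables -t filter -D forwarding_rule -i $ifname ! -o $ifname -j MINIUPNPD`. The `add` branch also never checks that `$ipaddr` is non-empty before building the `-d $ipaddr` rule and writing state, and the `remove` guard then skips cleanup for such an entry. Tightening the guard to `[ -z "$active" ] && [ -n "$ipaddr" ]`, with the `config_get ipaddr` moved above it, would keep the two branches symmetric.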
index f2cc7391b3aba09299cab330165d64e8e7efa014..5bcf8bc99eb5ac1823e63600dedb466ff057ccce 100644 (file)
@@ -1,40 +1,28 @@
 #!/bin/sh /etc/rc.common
 START=95
 
-include /lib/miniupnpd
-
-boot() {
-       # On boot, there's a race condition with hotplug,
-       # therfore do nothing here
-       return
-}
-
 start() {
-       local extif
-       local intif
-       local extiface
-       local upload
-       local download
-       local logging
-       local secure
-
        config_load "upnpd"
-       config_get extif    config external_iface
-       config_get intif    config internal_iface
+       local extiface intiface upload download logging secure
+
+       config_get extiface config external_iface
+       config_get intiface config internal_iface
        config_get upload   config upload
        config_get download config download
        config_get_bool logging config log_output 0
        config_get_bool secure config secure_mode 0
 
-       config_load "network"
-       config_get extiface ${extif:-wan} ifname
-       
-       if [ -n "$extiface" ]; then
-               upnp_firewall_start
+       include /lib/network
+       scan_interfaces
+
+       local ifname
+       config_get ifname ${extiface:-wan} ifname
 
-               local args="-i $extiface"
+       if [ -n "$ifname" ]; then
+               local args="-i $ifname"
+               local iface
 
-               for iface in ${intif:-lan}; do
+               for iface in ${intiface:-lan}; do
                        local ipaddr
                        config_get ipaddr "$iface" ipaddr
                        [ -n "$ipaddr" ] && append args "-a $ipaddr"
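Review bot: Nothing visible in this commit starts the daemon if `ifname` is still empty when start() runs. The `boot()` override is removed here, and the hotplug script's `/etc/init.d/miniupnpd restart` fallback is removed in the same commit. start() then only logs "external interface not found" (its body continues in the next hunk), and the new firewall hotplug handler only touches iptables. Either restore a start path from the hotplug `add` event, or document the limitation above the `if [ -n "$ifname" ]` test, e.g. `# NOTE: if the external interface has no ifname yet, miniupnpd is not started and no hotplug event starts it later`. Separately, `config_get ifname ${extiface:-wan} ifname` should quote its section argument, `"${extiface:-wan}"`, as the hotplug script does.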
@@ -53,12 +41,47 @@ start() {
                else
                        eval start-stop-daemon -S -x miniupnpd -- $args 2>/dev/null
                fi
+
+               # start firewall
+               local zone
+               config_load firewall
+               config_get zone core "${extiface:-wan}_zone"
+               [ -n "$zone" ] && \
+                       ACTION="add" ZONE="$zone" INTERFACE="${extiface:-wan}" DEVICE="$ifname" \
+                               . /etc/hotplug.d/firewall/50-miniupnpd 
        else
                logger -t "upnp daemon" "external interface not found, not starting"
        fi
 }
 
+clear_rule() {
+       local state="$1"
+       local ifname ipaddr
+
+       config_get ifname "$state" ifname
+       config_get ipaddr "$state" ipaddr
+
+       [ -n "$ifname" ] && [ -n "$ipaddr" ] && {
+               iptables -t nat -D prerouting_rule -i $ifname -d $ipaddr -j MINIUPNPD
+               iptables -t filter -D forwarding_rule -i $ifname ! -o $ifname -j MINIUPNPD
+               uci_revert_state upnpd "$state"
+               unset "CONFIG_${state}_ifname"
+               unset "CONFIG_${state}_ipaddr"
+       }
+}
+
 stop() {
        start-stop-daemon -K -q -x miniupnpd -p /var/run/miniupnpd.pid
-       upnp_firewall_stop
+       rm -f /var/run/miniupnpd.pid
+
+       logger -t "upnp" "removing firewall rules"
+
+       config_load upnpd
+       config_foreach clear_rule firewall
+
+       iptables -t nat -F MINIUPNPD 2>/dev/null
+       iptables -t nat -X MINIUPNPD 2>/dev/null
+       iptables -t filter -F MINIUPNPD 2>/dev/null
+       iptables -t filter -X MINIUPNPD 2>/dev/null
 }
+
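Review bot: stop() can only remove the jump rules in `prerouting_rule` and `forwarding_rule` for sections that `clear_rule` finds in the upnpd state with both `ifname` and `ipaddr` set. If that state is missing or incomplete, the jumps stay, and `iptables -X MINIUPNPD` should then fail because the chain is still referenced, with the error hidden by `2>/dev/null`. The next `add` would append a second jump, so stale forwarding entries could accumulate unnoticed. Make the failure visible, e.g. `iptables -t nat -X MINIUPNPD 2>/dev/null || logger -t "upnp" "nat chain MINIUPNPD still referenced, stale jump rules remain"`, and the same for the filter table.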