nat: T538: Move nat configs to /run directory

1 files changed, 9 insertions, 6 deletions

diff --git a/data/templates/firewall/upnpd.conf.j2 b/data/templates/firewall/upnpd.conf.j2
index 27573cbf9..e964fc696 100644
--- a/data/templates/firewall/upnpd.conf.j2
+++ b/data/templates/firewall/upnpd.conf.j2
@@ -71,7 +71,7 @@ min_lifetime={{ pcp_lifetime.min }}
 
 {% if friendly_name is vyos_defined %}
 # Name of this service, default is "`uname -s` router"
-friendly_name= {{ friendly_name }}
+friendly_name={{ friendly_name }}
 {% endif  %}
 
 # Manufacturer name, default is "`uname -s`"
@@ -117,7 +117,10 @@ clean_ruleset_threshold=10
 clean_ruleset_interval=600
 
 # Anchor name in pf (default is miniupnpd)
-anchor=VyOS
+# Something wrong with this option "anchor", comment it out
+#   vyos@r14# miniupnpd -vv -f /run/upnp/miniupnp.conf
+#   invalid option in file /run/upnp/miniupnp.conf line 74 : anchor=VyOS
+#anchor=VyOS
 
 uuid={{ uuid }}
 
@@ -129,7 +132,7 @@ lease_file=/config/upnp.leases
 #serial=12345678
 #model_number=1
 
-{% if rules is vyos_defined %}
+{% if rule is vyos_defined %}
 # UPnP permission rules
 # (allow|deny) (external port range) IP/mask (internal port range)
 # A port range is <min port>-<max port> or <port> if there is only
@@ -142,9 +145,9 @@ lease_file=/config/upnp.leases
 # modify the IP ranges to match their own internal networks, and
 # also consider implementing network-specific restrictions
 # CAUTION: failure to enforce any rules may permit insecure requests to be made!
-{%     for rule, config in rules.items() %}
-{%         if config.disable is vyos_defined %}
-{{ config.action }} {{ config.external_port_range }} {{ config.ip }} {{ config.internal_port_range }}
+{%     for rule, config in rule.items() %}
+{%         if config.disable is not vyos_defined %}
+{{ config.action }} {{ config.external_port_range }} {{ config.ip }}{{ '/32' if '/' not in config.ip else '' }} {{ config.internal_port_range }}
 {%         endif %}
 {%     endfor %}
 {% endif %}