author | Christian Poessinger <christian@poessinger.com> | 2022-08-19 20:31:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-19 20:31:33 +0200 |
commit | d247bc04b765a92c973ef93d94f8955312fdc13c (patch) | |
tree | 50a8aa29e49891380da36bb2bc8fc8f5e2497a3b | |
parent | f92a23ef9ab8be59681e5b7ba627e399d89bce53 (diff) | |
parent | 6940bcf8d650eea714075df74b47bf0c99642743 (diff) | |
download | vyos-1x-d247bc04b765a92c973ef93d94f8955312fdc13c.tar.gz vyos-1x-d247bc04b765a92c973ef93d94f8955312fdc13c.zip |
Merge pull request #1476 from sever-sever/T4620
UPnP: T4211: T4620 Fix upnp template
-rw-r--r-- | data/templates/firewall/upnpd.conf.j2 | 15 | ||||
-rw-r--r-- | interface-definitions/service-upnp.xml.in | 7 |
2 files changed, 15 insertions, 7 deletions
diff --git a/data/templates/firewall/upnpd.conf.j2 b/data/templates/firewall/upnpd.conf.j2
index 27573cbf9..e964fc696 100644
--- a/data/templates/firewall/upnpd.conf.j2
+++ b/data/templates/firewall/upnpd.conf.j2
@@ -71,7 +71,7 @@ min_lifetime={{ pcp_lifetime.min }}
 {% if friendly_name is vyos_defined %}
 # Name of this service, default is "`uname -s` router"
-friendly_name= {{ friendly_name }}
+friendly_name={{ friendly_name }}
 {% endif %}
 # Manufacturer name, default is "`uname -s`"
@@ -117,7 +117,10 @@ clean_ruleset_threshold=10
 clean_ruleset_interval=600
 # Anchor name in pf (default is miniupnpd)
-anchor=VyOS
+# Something wrong with this option "anchor", comment it out
+# vyos@r14# miniupnpd -vv -f /run/upnp/miniupnp.conf
+# invalid option in file /run/upnp/miniupnp.conf line 74 : anchor=VyOS
+#anchor=VyOS
 uuid={{ uuid }}
@@ -129,7 +132,7 @@ lease_file=/config/upnp.leases
 #serial=12345678
 #model_number=1
-{% if rules is vyos_defined %}
+{% if rule is vyos_defined %}
 # UPnP permission rules
 # (allow|deny) (external port range) IP/mask (internal port range)
 # A port range is <min port>-<max port> or <port> if there is only
@@ -142,9 +145,9 @@ lease_file=/config/upnp.leases
 # modify the IP ranges to match their own internal networks, and
 # also consider implementing network-specific restrictions
 # CAUTION: failure to enforce any rules may permit insecure requests to be made!
-{% for rule, config in rules.items() %}
-{% if config.disable is vyos_defined %}
-{{ config.action }} {{ config.external_port_range }} {{ config.ip }} {{ config.internal_port_range }}
+{% for rule, config in rule.items() %}
+{% if config.disable is not vyos_defined %}
+{{ config.action }} {{ config.external_port_range }} {{ config.ip }}{{ '/32' if '/' not in config.ip else '' }} {{ config.internal_port_range }}
 {% endif %}
 {% endfor %}
 {% endif %}
diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service-upnp.xml.in
index b1e6f170a..ec23d87df 100644
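Review bot: The three comment lines added above `#anchor=VyOS` paste a shell transcript, including a device prompt, into the template, so every rendered miniupnpd config carries it while still not saying why the option fails. The context line just above describes `anchor` as the pf anchor name, which suggests the option is simply not valid for the firewall backend this build uses; that is an inference and worth confirming. I would delete the option instead of commenting it out and leave a single line such as `# anchor= applies to pf only and is rejected by this miniupnpd build`.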
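Review bot: The permission section still renders no rule lines when `rule` is not configured or when every entry is disabled, and the template's own CAUTION comment says that failing to enforce rules may permit insecure requests. Consider closing the section with a catch-all `deny 0-65535 0.0.0.0/0 0-65535` after the final `{% endif %}` (the `{% if rule is vyos_defined %}` guard opens in the previous hunk), so the rendered default is deny rather than whatever the daemon does with an empty list. Because rules are matched in the order they are written, it is also worth confirming that `rule.items()` yields entries in rule-number order. As a style point, `{% for rule, config in rule.items() %}` reuses the dict's name as the loop key; the key is unused in the body, so `{% for rule_id, config in rule.items() %}` would read more clearly.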
--- a/interface-definitions/service-upnp.xml.in
+++ b/interface-definitions/service-upnp.xml.in
@@ -197,10 +197,15 @@
 <help>The IP to which this rule applies (REQUIRE)</help>
 <valueHelp>
 <format>ipv4</format>
+ <description>The IPv4 address to which this rule applies</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4net</format>
 <description>The IPv4 to which this rule applies</description>
 </valueHelp>
 <constraint>
- <validator name="ipv4-address" />
+ <validator name="ipv4-address"/>
+ <validator name="ipv4-host"/>
 </constraint>
 </properties>
 </leafNode> |
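Review bot: The added `<validator name="ipv4-host"/>` does not obviously match the new `ipv4net` value help: a host validator presumably accepts a host address with a prefix length and may reject a true network address, while the help advertises a network. The template writes this value into the permission rule as IP/mask, so a host address entered with a short prefix would authorise the whole subnet it falls in, which is wider than an operator typing a host address is likely to expect. If networks are intended, a prefix validator (`ipv4-prefix`, assuming this tree ships it) would agree with the help text. The unchanged description under `ipv4net` would then read better as `The IPv4 network to which this rule applies`. The enclosing `<leafNode>` starts outside the hunk.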