diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2024-05-14 16:47:29 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2024-05-14 16:47:29 +0000 |
commit | 7c438caa2c21101cbefc2eec21935ab55af19c46 (patch) | |
tree | 586f8db96e5b5201bf55ee3cfe6b4d6c17f4b697 /interface-definitions | |
parent | be41ac33f37bbf740d20021c66dc8fd048a68520 (diff) | |
download | vyos-1x-7c438caa2c21101cbefc2eec21935ab55af19c46.tar.gz vyos-1x-7c438caa2c21101cbefc2eec21935ab55af19c46.zip |
T3420: Remove service upnp
Remove `service upnp` as it never worked as expected, nft rules do
not integrated and custom patches do not seem like a suitable
solution for now.
Security:
UPnP has been historically associated with security risks due to its automatic
and potentially unauthenticated nature.
UPnP devices might be vulnerable to unauthorized access or exploitation.
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/service_upnp.xml.in | 229 |
1 files changed, 0 insertions, 229 deletions
diff --git a/interface-definitions/service_upnp.xml.in b/interface-definitions/service_upnp.xml.in deleted file mode 100644 index 064386ee5..000000000 --- a/interface-definitions/service_upnp.xml.in +++ /dev/null @@ -1,229 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="service"> - <children> - <node name="upnp" owner="${vyos_conf_scripts_dir}/service_upnp.py"> - <properties> - <help>Universal Plug and Play (UPnP) service</help> - <priority>900</priority> - </properties> - <children> - <leafNode name="friendly-name"> - <properties> - <help>Name of this service</help> - <valueHelp> - <format>txt</format> - <description>Friendly name</description> - </valueHelp> - </properties> - </leafNode> - <leafNode name="wan-interface"> - <properties> - <help>WAN network interface</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - <constraint> - #include <include/constraint/interface-name.xml.i> - </constraint> - </properties> - </leafNode> - <leafNode name="wan-ip"> - <properties> - <help>WAN network IP</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address" /> - <validator name="ipv6-address" /> - </constraint> - <multi/> - </properties> - </leafNode> - <leafNode name="nat-pmp"> - <properties> - <help>Enable NAT-PMP support</help> - <valueless /> - </properties> - </leafNode> - <leafNode name="secure-mode"> - <properties> - <help>Enable Secure Mode</help> - <valueless /> - </properties> - </leafNode> - <leafNode name="presentation-url"> - <properties> - <help>Presentation Url</help> - <valueHelp> - <format>txt</format> - <description>Presentation Url</description> - </valueHelp> - </properties> - </leafNode> - <node name="pcp-lifetime"> - <properties> - <help>PCP-base lifetime Option</help> - </properties> - <children> - <leafNode name="max"> - <properties> - <help>Max lifetime time</help> - <constraint> - <validator name="numeric" /> - </constraint> - </properties> - </leafNode> - <leafNode name="min"> - <properties> - <help>Min lifetime time</help> - <constraint> - <validator name="numeric" /> - </constraint> - </properties> - </leafNode> - </children> - </node> - <leafNode name="listen"> - <properties> - <help>Local IP addresses for service to listen on</help> - <completionHelp> - <script>${vyos_completion_dir}/list_local_ips.sh --both</script> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - <valueHelp> - <format><interface></format> - <description>Monitor interface address</description> - </valueHelp> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address to listen for incoming connections</description> - </valueHelp> - <valueHelp> - <format>ipv4net</format> - <description>IPv4 prefix to listen for incoming connections</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address to listen for incoming connections</description> - </valueHelp> - <valueHelp> - <format>ipv6net</format> - <description>IPv6 prefix to listen for incoming connections</description> - </valueHelp> - <multi/> - <constraint> - #include <include/constraint/interface-name.xml.i> - <validator name="ip-address"/> - <validator name="ipv4-prefix"/> - <validator name="ipv6-prefix"/> - </constraint> - </properties> - </leafNode> - <node name="stun"> - <properties> - <help>Enable STUN probe support (can be used with NAT 1:1 support for WAN interfaces)</help> - </properties> - <children> - <leafNode name="host"> - <properties> - <help>The STUN server address</help> - <valueHelp> - <format>txt</format> - <description>The STUN server host address</description> - </valueHelp> - <constraint> - <validator name="fqdn"/> - </constraint> - </properties> - </leafNode> - #include <include/port-number.xml.i> - </children> - </node> - <tagNode name="rule"> - <properties> - <help>UPnP Rule</help> - <valueHelp> - <format>u32:0-65535</format> - <description>Rule number</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-65535"/> - </constraint> - </properties> - <children> - #include <include/generic-disable-node.xml.i> - <leafNode name="external-port-range"> - <properties> - <help>Port range (REQUIRE)</help> - <valueHelp> - <format><port></format> - <description>single port</description> - </valueHelp> - <valueHelp> - <format><portN>-<portM></format> - <description>Port range (use '-' as delimiter)</description> - </valueHelp> - <constraint> - <validator name="port-range"/> - </constraint> - </properties> - </leafNode> - <leafNode name="internal-port-range"> - <properties> - <help>Port range (REQUIRE)</help> - <valueHelp> - <format><port></format> - <description>single port</description> - </valueHelp> - <valueHelp> - <format><portN>-<portM></format> - <description>Port range (use '-' as delimiter)</description> - </valueHelp> - <constraint> - <validator name="port-range"/> - </constraint> - </properties> - </leafNode> - <leafNode name="ip"> - <properties> - <help>The IP to which this rule applies (REQUIRE)</help> - <valueHelp> - <format>ipv4</format> - <description>The IPv4 address to which this rule applies</description> - </valueHelp> - <valueHelp> - <format>ipv4net</format> - <description>The IPv4 to which this rule applies</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - <validator name="ipv4-host"/> - <validator name="ipv4-prefix"/> - </constraint> - </properties> - </leafNode> - <leafNode name="action"> - <properties> - <help>Actions against the rule (REQUIRE)</help> - <completionHelp> - <list>allow deny</list> - </completionHelp> - <constraint> - <regex>(allow|deny)</regex> - </constraint> - </properties> - </leafNode> - </children> - </tagNode> - </children> - </node> - </children> - </node> -</interfaceDefinition> |