summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2024-05-14 16:47:29 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2024-05-14 16:47:29 +0000
commit7c438caa2c21101cbefc2eec21935ab55af19c46 (patch)
tree586f8db96e5b5201bf55ee3cfe6b4d6c17f4b697 /interface-definitions
parentbe41ac33f37bbf740d20021c66dc8fd048a68520 (diff)
downloadvyos-1x-7c438caa2c21101cbefc2eec21935ab55af19c46.tar.gz
vyos-1x-7c438caa2c21101cbefc2eec21935ab55af19c46.zip
T3420: Remove service upnp
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation.
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/service_upnp.xml.in229
1 files changed, 0 insertions, 229 deletions
diff --git a/interface-definitions/service_upnp.xml.in b/interface-definitions/service_upnp.xml.in
deleted file mode 100644
index 064386ee5..000000000
--- a/interface-definitions/service_upnp.xml.in
+++ /dev/null
@@ -1,229 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="service">
- <children>
- <node name="upnp" owner="${vyos_conf_scripts_dir}/service_upnp.py">
- <properties>
- <help>Universal Plug and Play (UPnP) service</help>
- <priority>900</priority>
- </properties>
- <children>
- <leafNode name="friendly-name">
- <properties>
- <help>Name of this service</help>
- <valueHelp>
- <format>txt</format>
- <description>Friendly name</description>
- </valueHelp>
- </properties>
- </leafNode>
- <leafNode name="wan-interface">
- <properties>
- <help>WAN network interface</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- <constraint>
- #include <include/constraint/interface-name.xml.i>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="wan-ip">
- <properties>
- <help>WAN network IP</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address" />
- <validator name="ipv6-address" />
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="nat-pmp">
- <properties>
- <help>Enable NAT-PMP support</help>
- <valueless />
- </properties>
- </leafNode>
- <leafNode name="secure-mode">
- <properties>
- <help>Enable Secure Mode</help>
- <valueless />
- </properties>
- </leafNode>
- <leafNode name="presentation-url">
- <properties>
- <help>Presentation Url</help>
- <valueHelp>
- <format>txt</format>
- <description>Presentation Url</description>
- </valueHelp>
- </properties>
- </leafNode>
- <node name="pcp-lifetime">
- <properties>
- <help>PCP-base lifetime Option</help>
- </properties>
- <children>
- <leafNode name="max">
- <properties>
- <help>Max lifetime time</help>
- <constraint>
- <validator name="numeric" />
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="min">
- <properties>
- <help>Min lifetime time</help>
- <constraint>
- <validator name="numeric" />
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <leafNode name="listen">
- <properties>
- <help>Local IP addresses for service to listen on</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- <valueHelp>
- <format>&lt;interface&gt;</format>
- <description>Monitor interface address</description>
- </valueHelp>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address to listen for incoming connections</description>
- </valueHelp>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 prefix to listen for incoming connections</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address to listen for incoming connections</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6net</format>
- <description>IPv6 prefix to listen for incoming connections</description>
- </valueHelp>
- <multi/>
- <constraint>
- #include <include/constraint/interface-name.xml.i>
- <validator name="ip-address"/>
- <validator name="ipv4-prefix"/>
- <validator name="ipv6-prefix"/>
- </constraint>
- </properties>
- </leafNode>
- <node name="stun">
- <properties>
- <help>Enable STUN probe support (can be used with NAT 1:1 support for WAN interfaces)</help>
- </properties>
- <children>
- <leafNode name="host">
- <properties>
- <help>The STUN server address</help>
- <valueHelp>
- <format>txt</format>
- <description>The STUN server host address</description>
- </valueHelp>
- <constraint>
- <validator name="fqdn"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/port-number.xml.i>
- </children>
- </node>
- <tagNode name="rule">
- <properties>
- <help>UPnP Rule</help>
- <valueHelp>
- <format>u32:0-65535</format>
- <description>Rule number</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-65535"/>
- </constraint>
- </properties>
- <children>
- #include <include/generic-disable-node.xml.i>
- <leafNode name="external-port-range">
- <properties>
- <help>Port range (REQUIRE)</help>
- <valueHelp>
- <format>&lt;port&gt;</format>
- <description>single port</description>
- </valueHelp>
- <valueHelp>
- <format>&lt;portN&gt;-&lt;portM&gt;</format>
- <description>Port range (use '-' as delimiter)</description>
- </valueHelp>
- <constraint>
- <validator name="port-range"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="internal-port-range">
- <properties>
- <help>Port range (REQUIRE)</help>
- <valueHelp>
- <format>&lt;port&gt;</format>
- <description>single port</description>
- </valueHelp>
- <valueHelp>
- <format>&lt;portN&gt;-&lt;portM&gt;</format>
- <description>Port range (use '-' as delimiter)</description>
- </valueHelp>
- <constraint>
- <validator name="port-range"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="ip">
- <properties>
- <help>The IP to which this rule applies (REQUIRE)</help>
- <valueHelp>
- <format>ipv4</format>
- <description>The IPv4 address to which this rule applies</description>
- </valueHelp>
- <valueHelp>
- <format>ipv4net</format>
- <description>The IPv4 to which this rule applies</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="ipv4-host"/>
- <validator name="ipv4-prefix"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="action">
- <properties>
- <help>Actions against the rule (REQUIRE)</help>
- <completionHelp>
- <list>allow deny</list>
- </completionHelp>
- <constraint>
- <regex>(allow|deny)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>