miniupnpd: Various IPv6 related fixes to scripts (IPv6-only, multi-uplink, ..)

miniupnpd/files/firewall.include

@@ -1,6 +1,14 @@
 #!/bin/sh
 # miniupnpd integration for firewall3
 
+# Note: Correct way to do this would be probably to use
+# /lib/functions/network.sh, and use network_find_wan{,6}, and then
+# network_get_device, then determine their zones using fw3 -q network
+# etc. However, network_find_wan* return only one device, and
+# frequently incorrect one if multiple ISPs are in use. So this
+# current ugly solution works, although perhaps makes holes where it
+# shouldn't (if so, do override it in e.g. firewall.user)
+
 IP6TABLES=/usr/sbin/ip6tables
 
 iptables -t filter -N MINIUPNPD 2>/dev/null
@@ -8,31 +16,11 @@ iptables -t nat -N MINIUPNPD 2>/dev/null
 
 [ -x $IP6TABLES ] && $IP6TABLES -t filter -N MINIUPNPD 2>/dev/null
 
-. /lib/functions/network.sh
+# IPv4 - due to NAT, need to add both to nat and filter table
+iptables -t filter -I delegate_forward 2 -j MINIUPNPD
+iptables -t nat -I delegate_prerouting 2 -j MINIUPNPD
 
-add_extzone_rules() {
+# IPv6 if available - filter only
-    local ext_zone=$1
+[ -x $IP6TABLES ] && {
-
+    $IP6TABLES -t filter -I delegate_forward 2 -j MINIUPNPD
-    # IPv4 - due to NAT, need to add both to nat and filter table
-    iptables -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
-    iptables -t nat -I zone_${ext_zone}_prerouting -j MINIUPNPD
-
-    # IPv6 if available - filter only
-    [ -x $IP6TABLES ] && {
-        $IP6TABLES -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
-    }
 }
-
-network_find_wan wan_iface
-network_get_device wan_device $wan_iface
-
-for ext_zone in $(fw3 -q device "$wan_device"); do
-    add_extzone_rules $ext_zone
-done
-
-for ext_iface in $(uci -q get upnpd.config.external_iface); do
-	for ext_zone in $(fw3 -q network "$ext_iface"); do
-            add_extzone_rules $ext_zone
-	done
-done
-

miniupnpd/files/miniupnpd.defaults

@@ -5,7 +5,7 @@ uci -q batch <<-EOT
 	set firewall.miniupnpd=include
 	set firewall.miniupnpd.type=script
 	set firewall.miniupnpd.path=/usr/share/miniupnpd/firewall.include
-	set firewall.miniupnpd.family=IPv4
+	set firewall.miniupnpd.family=any
 	set firewall.miniupnpd.reload=1
 	commit firewall
 EOT

miniupnpd/files/miniupnpd.hotplug

@@ -1,14 +1,28 @@
 #!/bin/sh
 
-/etc/init.d/miniupnpd enabled && [ "$ACTION" = "ifup" ] && {
+if [ ! /etc/init.d/miniupnpd enabled ]
-	local iface
+then
-        local ext_iface
+    exit 0
+fi
 
-        . /lib/functions/network.sh
+. /lib/functions/service.sh
-        network_find_wan ext_iface
 
-	for iface in $ext_iface $(uci_get upnpd config internal_iface; uci_get upnpd config external_iface); do
+# If miniupnpd is not running:
+# - check on _any_ event (even updates may contribute to network_find_wan*)
+# If miniupnpd _is_ running:
+# - check only on ifup
+
+[ ! "$ACTION" = "ifup" ] && service_check /usr/sbin/miniupnpd && exit 0
+
+local iface
+local ext_iface
+local ext_iface6
+
+. /lib/functions/network.sh
+network_find_wan ext_iface
+network_find_wan6 ext_iface6
+
+for iface in $ext_iface $ext_iface6 $(uci_get upnpd config internal_iface; uci_get upnpd config external_iface); do
     [ "$INTERFACE" = "$iface" ] && /etc/init.d/miniupnpd restart
     exit 0
-	done
+done
-}

miniupnpd/files/miniupnpd.init

@@ -94,6 +94,7 @@ start() {
 	local ifname
 
         [ -n "$extiface" ] || network_find_wan extiface
+        [ -n "$extiface" ] || network_find_wan6 extiface
 
 	network_get_device ifname ${extiface}