#!/bin/sh
# miniupnpd integration for firewall3
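# Absolute path of the IPv6 tool. It is treated as optional: every use is
# guarded by an executable check. Note that iptables itself is resolved
# through PATH rather than by absolute path.
IP6TABLES=/usr/sbin/ip6tables

# Create the MINIUPNPD chains in the IPv4 filter and nat tables.
# stderr is discarded because -N reports an error when the chain already
# exists; be aware that this also hides any other failure of these calls.
iptables -t filter -N MINIUPNPD 2>/dev/null
iptables -t nat -N MINIUPNPD 2>/dev/null

# Quoted so that an empty value cannot collapse the test to `[ -x ]`, which
# evaluates true and would run the remainder of the line as a command.
[ -x "$IP6TABLES" ] && "$IP6TABLES" -t filter -N MINIUPNPD 2>/dev/null

# Helper library; the network_find_wan and network_get_device calls later in
# this script rely on it.
. /lib/functions/network.sh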
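# Hook the MINIUPNPD chains into the chains of one external firewall zone.
# Globals:   IP6TABLES (read) - path of the ip6tables binary
# Arguments: $1 - zone name, used to build the zone_<name>_* chain names
# Returns:   0 when the zone name is empty or ip6tables is not executable;
#            otherwise the status of the ip6tables call
add_extzone_rules() {
	local ext_zone=$1

	# Without a name the targets would be zone__forward / zone__prerouting,
	# so there is nothing sensible to insert.
	[ -n "$ext_zone" ] || return 0

	# IPv4 - due to NAT, need to add both to nat and filter table.
	# -I without a rule number places the jump first in the chain, so the
	# rules in MINIUPNPD are consulted before the rest of that chain.
	# Chain names are quoted so the zone name always stays a single argument.
	iptables -t filter -I "zone_${ext_zone}_forward" -j MINIUPNPD
	iptables -t nat -I "zone_${ext_zone}_prerouting" -j MINIUPNPD

	# IPv6 if available - filter only.
	# An if statement (rather than `&&`) keeps a missing ip6tables from
	# turning into a non-zero return status.
	if [ -x "$IP6TABLES" ]; then
		"$IP6TABLES" -t filter -I "zone_${ext_zone}_forward" -j MINIUPNPD
	fi
}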
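# Collect the firewall zones that count as "external" and hook MINIUPNPD
# into each of them exactly once.
#
# Every zone gathered here gets a jump to MINIUPNPD at the head of its
# forward and prerouting chains, so upnpd.config.external_iface should name
# only interfaces that are meant to accept miniupnpd port mappings.

# Start from empty values so a failed lookup cannot leave stale data behind.
wan_iface=
wan_device=
network_find_wan wan_iface
[ -n "$wan_iface" ] && network_get_device wan_device "$wan_iface"

# Zones of the WAN device; skipped when no device could be determined.
ext_zones=
[ -n "$wan_device" ] && ext_zones=$(fw3 -q device "$wan_device")

# Zones of the explicitly configured external interfaces.
# The command substitution is left unquoted on purpose: the value is a
# whitespace-separated list.
for ext_iface in $(uci -q get upnpd.config.external_iface); do
	ext_zones="$ext_zones $(fw3 -q network "$ext_iface")"
done

# Both sources can report the same zone; remember what was handled so the
# jump rules are not inserted twice. The list keeps a space on each side of
# every name so that only whole names match.
seen_zones=" "
for ext_zone in $ext_zones; do
	case "$seen_zones" in
		*" $ext_zone "*) continue ;;
	esac
	seen_zones="$seen_zones$ext_zone "
	add_extzone_rules "$ext_zone"
done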