miniupnpd: Add configuration and scripts.

config/miniupnpd/miniupnpd.conf

@@ -0,0 +1,47 @@
+
+# LAN network interfaces IPs / networks
+# there can be multiple listening ips for SSDP traffic.
+# should be under the form nnn.nnn.nnn.nnn/nn
+# HTTP is available on all interfaces
+# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
+port=0
+
+# chain names for netfilter (not used for pf or ipf).
+upnp_forward_chain=UPNPFW
+upnp_nat_chain=UPNPFW
+
+# bitrates reported by daemon in bits per second
+bitrate_up=1000000
+bitrate_down=10000000
+
+# "secure" mode : when enabled, UPnP client are allowed to add mappings only
+# to their IP.
+secure_mode=yes
+
+# report system uptime instead of daemon uptime
+system_uptime=yes
+
+# notify interval in seconds. default is 30 seconds.
+notify_interval=60
+
+# unused rules cleaning.
+# never remove any rule before this threshold for the number
+# of redirections is exceeded. default to 20
+#clean_ruleset_threshold=10
+# clean process work interval in seconds. default to 0 (disabled).
+# a 600 seconds (10 minutes) interval makes sense
+clean_ruleset_interval=600
+
+# serial and model number the daemon will report to clients
+# in its XML description
+serial=12345678
+model_number=1
+
+# UPnP permission rules
+# (allow|deny) (external port range) ip/mask (internal port range)
+# A port range is <min port>-<max port> or <port> if there is only
+# one port in the range.
+# ip/mask format must be nn.nn.nn.nn/nn
+# it is advised to only allow redirection of port above 1024
+# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
+allow 0-65535 0.0.0.0/0 0-65535

lfs/miniupnpd

@@ -75,5 +75,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		CFLAGS="$(CFLAGS) -DIPTABLES_143 -I/usr/src/linux/include"
 
 	cd $(DIR_APP) && install -m 755 miniupnpd /usr/sbin
+	-mkdir -pv /etc/miniupnpd
+	cp -vf $(DIR_SRC)/config/miniupnpd/miniupnpd.conf /etc/miniupnpd/miniupnpd.conf
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)

src/initscripts/init.d/firewall

@@ -250,7 +250,8 @@ case "$1" in
 	# upnp chain for our upnp daemon
 	/sbin/iptables -t nat -N UPNPFW
 	/sbin/iptables -t nat -A PREROUTING -j UPNPFW
-
+	# This chain only contains dummy rules.
+	/sbin/iptables -N UPNPFW
 
 	# Custom mangle chain (for port fowarding)
 	/sbin/iptables -t mangle -N PORTFWMANGLE

src/initscripts/init.d/miniupnpd

@@ -0,0 +1,69 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/miniupnpd
+#
+# Description : Miniupnp daemon
+#
+# Authors     : Michael Tremer <michael.tremer@ipfire.org>
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+if [ ! -e /etc/miniupnpd/id ]; then
+	uuidgen > /etc/miniupnpd/id
+fi
+
+UUID=$(cat /etc/miniupnpd/id)
+
+EXT_DEV=$(cat /var/ipfire/red/iface)
+EXT_IP4=$(cat /var/ipfire/red/local-ipaddress)
+
+. /var/ipfire/ethernet/settings
+
+for i in GREEN_ADDRESS BLUE_ADDRESS; do
+	[ -n "${!i}" ] && LISTEN_IP="${LISTEN_IP} -a ${!i}"
+done
+
+function flush_iptables() {
+	# Flush iptables to remove all entries that were left
+	iptables -F UPNPFW
+	iptables -t nat -F UPNPFW
+}
+
+case "${1}" in
+	start)
+		boot_mesg "Starting miniupnpd..."
+
+		flush_iptables
+
+		loadproc miniupnpd -f /etc/miniupnpd/miniupnpd.conf \
+			-i ${EXT_DEV} -o ${EXT_IP4} ${LISTEN_IP} \
+			-u ${UUID}
+		;;
+
+	stop)
+		boot_mesg "Stopping miniupnpd..."
+		killproc miniupnpd
+
+		flush_iptables
+		;;
+
+	restart)
+		${0} stop
+		sleep 1
+		${0} start
+		;;
+
+	status)
+		statusproc miniupnpd
+		;;
+
+	*)
+		echo "Usage: ${0} {start|stop|restart|status}"
+		exit 1
+		;;
+esac
+
+# End $rc_base/init.d/miniupnpd

src/initscripts/init.d/networking/red.down/10-miniupnpd

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+[ -x /etc/init.d/miniupnpd ] && \
+	/etc/init.d/miniupnpd stop &>/dev/null
+
+exit 0

src/initscripts/init.d/networking/red.up/10-miniupnpd

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+[ -x /etc/init.d/miniupnpd ] && \
+	/etc/init.d/miniupnpd start &>/dev/null
+
+exit 0