
Opened 7 years ago

Closed 7 years ago

Last modified 4 years ago

#8690 closed enhancement (fixed)

Add UCI support for miniupnpd permission rules

Reported by: anonymous Owned by: cshore
Priority: low Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: Cc:

Description

In addition to its secure mode, miniupnpd also provides a way to restrict the port ranges that can be forwarded (miniupnpd.conf).

# UPnP permission rules
# (allow|deny) (external port range) ip/mask (internal port range)
# A port range is <min port>-<max port> or <port> if there is only
# one port in the range.
# ip/mask format must be nn.nn.nn.nn/nn
# it is advised to only allow redirection of port above 1024
# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
allow 1024-65535 192.168.0.0/24 1024-65535
allow 1024-65535 192.168.1.0/24 1024-65535
allow 1024-65535 192.168.0.0/23 22
allow 12345 192.168.7.113/32 54321
deny 0-65535 0.0.0.0/0 0-65535

Currently UCI support for miniupnpd.conf permissions is missing.

Actually, the miniupnpd package does not provide any miniupnpd.conf file
and allows redirections for privileged ports by default.

About UPnP security vulnerabilities, 2008, miniupnpd Forum
FLASH UPNP ATTACK FAQ, 2008
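
An added example (not part of the ticket and not miniupnpd or OpenWrt code): a small Python checker that parses permission rules in the format quoted above, decides whether a given redirect request would be permitted, and flags the two weaknesses the sample comments warn about. The function names are hypothetical, and the evaluation order (first matching rule decides, no match means allow) is an assumption about miniupnpd's behaviour.

```python
import ipaddress

def _ports(spec):
    """Parse '<min>-<max>' or '<port>' into an inclusive range."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return range(lo, hi + 1)

def parse_rules(text):
    """Return [(allow, ext_ports, network, int_ports), ...] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        action, ext, net, intl = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"bad action: {action!r}")
        rules.append((action == "allow", _ports(ext),
                      ipaddress.ip_network(net, strict=False), _ports(intl)))
    return rules

def is_allowed(rules, ext_port, client_ip, int_port):
    """ASSUMPTION: first matching rule decides; no match means allow."""
    ip = ipaddress.ip_address(client_ip)
    for allow, ext, net, intl in rules:
        if ext_port in ext and ip in net and int_port in intl:
            return allow
    return True

def audit(rules):
    """Flag allow rules reaching below port 1024 and a missing final deny-all."""
    findings = [f"rule {i} allows a port below 1024"
                for i, (allow, ext, _, intl) in enumerate(rules, 1)
                if allow and (ext.start < 1024 or intl.start < 1024)]
    if not rules or rules[-1][0] or rules[-1][2].prefixlen != 0 \
            or len(rules[-1][1]) != 65536 or len(rules[-1][3]) != 65536:
        findings.append("no final 'deny 0-65535 0.0.0.0/0 0-65535'")
    return findings

# Rule lines copied from the ticket's sample above.
SAMPLE = """\
allow 1024-65535 192.168.0.0/24 1024-65535
allow 1024-65535 192.168.1.0/24 1024-65535
allow 1024-65535 192.168.0.0/23 22
allow 12345 192.168.7.113/32 54321
deny 0-65535 0.0.0.0/0 0-65535
"""
```

Run against the sample, `audit` reports only the third rule, because its internal port is 22; with an empty rule set every request is allowed under the assumed default, which is the situation the ticket describes for a package that ships no miniupnpd.conf.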

Change History (5)

comment:1 Changed 7 years ago by jow

  • Owner changed from developers to jow
  • Status changed from new to accepted

comment:2 Changed 7 years ago by cshore

  • Owner changed from jow to cshore
  • Status changed from accepted to assigned

Should be fixed in r25960.

comment:3 Changed 7 years ago by cshore

  • Status changed from assigned to accepted

comment:4 Changed 7 years ago by cshore

  • Resolution set to fixed
  • Status changed from accepted to closed

comment:5 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
