[Astlinux-commits] SF.net SVN: astlinux:[5598] branches/1.0

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 5598
          http://astlinux.svn.sourceforge.net/astlinux/?rev=5598&view=rev
Author:   abelbeck
Date:     2012-07-08 13:52:05 +0000 (Sun, 08 Jul 2012)
Log Message:
-----------
miniupnpd, add UPNP_ALLOW for power users to restrict allowed IPv4 addresses or CIDR's

Modified Paths:
--------------
    branches/1.0/package/miniupnpd/miniupnpd.init
    branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf

Modified: branches/1.0/package/miniupnpd/miniupnpd.init
===================================================================

--- branches/1.0/package/miniupnpd/miniupnpd.init	2012-07-08 01:36:05 UTC (rev 5597)
+++ branches/1.0/package/miniupnpd/miniupnpd.init	2012-07-08 13:52:05 UTC (rev 5598)
@@ -61,6 +61,20 @@
   )
 }
 
+upnp_allow()
+{
+  local addr allow IFS
+
+  unset IFS
+  for addr in $UPNP_ALLOW; do
+    case $addr in
+      */*) allow="$addr" ;;
+        *) allow="$addr/32" ;;
+    esac
+    echo "allow 1024-65535 ${allow} 1024-65535"
+  done
+}
+
 is_upnp_enabled()
 {
   # args: IF_Name
@@ -146,7 +160,11 @@
 friendly_name=AstLinux Router
 serial=000001
 model_number=$(cat /etc/astlinux-release)" >> $MINIUPNPD_CONF
-  echo -e "$RULES" >> $MINIUPNPD_CONF
+  if [ -n "$UPNP_ALLOW" ]; then
+    upnp_allow >> $MINIUPNPD_CONF
+  else
+    echo -e "$RULES" >> $MINIUPNPD_CONF
+  fi
   echo "deny 0-65535 0.0.0.0/0 0-65535" >> $MINIUPNPD_CONF
 }
 

Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf	2012-07-08 01:36:05 UTC (rev 5597)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf	2012-07-08 13:52:05 UTC (rev 5598)
@@ -417,6 +417,9 @@
 ## Interface_Name is "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface
 ## "DMZIF" for DMZ Interface
 #UPNP_LISTEN="INTIF"
+## Optional, restrict allowed IPv4 addresses or CIDR's in UPNP_ALLOW, space separated for multiple.
+## By default all of the networks of the UPNP_LISTEN interfaces will be allowed.
+#UPNP_ALLOW="192.168.101.20 192.168.101.88/29"
 ## UPnP Options
 #UPNP_BITRATE_UP=1000000
 #UPNP_BITRATE_DOWN=10000000

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



