From 773b87977eb176a15f18d31c71987a398d34ee70 Mon Sep 17 00:00:00 2001
From: Marco Martins
Date: Thu, 19 Nov 2020 21:53:31 +0000
Subject: [PATCH] miniupnpd: Added chain rule to filter table so udp stun incoming connections rules works
Signed-off-by: Marco Martins
---
 net/miniupnpd/files/firewall.include | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/miniupnpd/files/firewall.include b/net/miniupnpd/files/firewall.include
index 97908af22..911e0675c 100644
--- a/net/miniupnpd/files/firewall.include
+++ b/net/miniupnpd/files/firewall.include
@@ -31,13 +31,15 @@ add_extzone_rules() {
  [ -z "$ext_zone" ] && return
  # IPv4 - due to NAT, need to add both to nat and filter table
- # need to insert as penultimate rule for forward & postrouting since final rule might be a fw3 REJECT
+ # need to insert as penultimate rule for input & forward & postrouting since final rule might be a fw3 REJECT
+ iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_input" MINIUPNPD
  iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
  $IPTABLES -t nat -A "zone_${ext_zone}_prerouting" -j MINIUPNPD
  iptables_prepend_rule "$IPTABLES" nat "zone_${ext_zone}_postrouting" MINIUPNPD-POSTROUTING
  # IPv6 if available - filter only
  [ -x $IP6TABLES ] && {
+ iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_input" MINIUPNPD
  iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
  }
  ADDED=$(($ADDED + 1))
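Review bot: Jumping to MINIUPNPD from `zone_${ext_zone}_input` widens the reach of every rule in that chain. Until now they could only pass forwarded traffic, but with the two added `_input` lines any rule that matches a packet addressed to the router itself is accepted ahead of the zone's final REJECT. The commit message gives incoming UDP STUN as the reason, which would not obviously need the ip6tables hook inside the `[ -x $IP6TABLES ]` block. If the daemon ever installs a client-requested mapping or pinhole that targets one of the router's own addresses, a LAN client could expose a router service on the external zone. Consider a dedicated chain for the STUN rules, or at least drop the IPv6 input jump and document the intent, e.g. `# input hook: only for miniupnpd's own STUN test rules (UDP to the router); client mappings must never target a router address`. The body of add_extzone_rules starts and ends outside the hunk, so how these jumps are cleaned up on reload is not visible here.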