@patrickli Could you attach an example of VyOS configuration with set service upnp xxx
If you manually change upnpd.conf does it work correctly?

set service upnp rule 10 action allow
set service upnp rule 10 external-port-range 1024-65536
set service upnp rule 10 internal-port-range 1024-65536
set service upnp rule 10 ip 10.0.0.1/24

This command will fail with Error: 10.0.0.1/24 is not a valid IPv4 address.

You need to use a prefix here as I want this rule to generate the following line in miniupnp.conf

allow 1024-65536 10.0.0.1/24 1024-65536

This means, allow hosts in 10.0.0.1/24 to map external ports from 1024 to 65536 on the router into ports 1024-65536 on the requesting host. It is useless without a prefix list.

@patrickli Could you send a real example? In your example, port ranges are incorrect also it is not all required UPnP configuration
If you sent all UPnP configuration, it already has been done :)
I'm not a UPnP person, so I ask for some examples.

Even with this configuration:

set service upnp listen '192.0.2.2'
set service upnp rule 10 action 'allow'
set service upnp rule 10 external-port-range '1024-65535'
set service upnp rule 10 internal-port-range '1024-65535'
set service upnp rule 10 ip '10.0.0.1'
set service upnp wan-interface 'eth0'

I don't see anything regarding ports 1024-65535 or 10.0.0.1

vyos@r1# cat /run/upnp/miniupnp.conf | grep "10.0.0.1"
[edit]
vyos@r1# cat /run/upnp/miniupnp.conf | grep "65535"
[edit]
vyos@r1#

I don't know if it is a bug or not. So to fix it, it is better to get a real example of config in which I can see required options

It seems UPnP rules doesn't work at all task T4620

PR https://github.com/vyos/vyos-1x/pull/1476