In T5835#188048, @aidan-gibson wrote: I guess the fate of upnp has already been decided https://vyos.dev/rVYOSONEX7c438caa2c21101cbefc2eec21935ab55af19c46
RIP
Wed, May 15
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
Tue, May 14
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
In T5835#187967, @dmbaturin wrote: If you are really that curious, I can attach a screenshot.
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
In T5835#187963, @dylanneild wrote: A bunch to unpack here.
[...]
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
In T5835#187938, @syncer wrote: Created a poll for maintainers on this topic, and we will go with the decision made.
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
In T5835#187937, @syncer wrote: go learn how cheap cameras open firewalls via UPnP and make them available on the internet without people being aware of that
or how malware exfiltrates data via port 443 because enterprises can't reliably block outbound traffic on that port.
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
In T5835#187935, @Viacheslav wrote: If you know how to test it, it will be great to test it. If no one needs it even for tests, what are we talking about?
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
In T5835#187934, @syncer wrote: In T5835#187933, @simplysoft wrote: A firewall is doing exactly this all the time when using NAT, autonomously opening ports via call from internal networks (aka internal originated traffic) to allow responses to reach the originator. Enterprises might have some strict outbound rules. For UPnP it is exactly the same, an enterprise would have strict rules which services are allowed to open ports.
Not if it's not configured to do so.
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
I'm not sure if that summary from you @Viacheslav is fully reflecting the current state.
I'm also not sure if the original implementation never worked, might very well have been broken while refactoring some vyos internals how the firewall is structured, but I guess you should have a better understanding of (the history of) your product. Otherwise I would be very surprised if a broken feature got into your product without ever working / being tested.
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
In T5835#187919, @syncer wrote: Does it work now?
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
One reason it is rarely seen is that most are not aware of it being used undercover, and when it is not present, nothing necessarily breaks (due to fallback to other mechanisms). For some home routers we saw this was an undocumented "feature" that you did not have any control over; more recent & reasonable implementations we have seen allow you to enable or disable it (but nothing much more, like fine-grained permissions).
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
In T5835#187910, @syncer wrote: @aidan-gibson main use case is games typically, which is not in priority for us
Dec 18 2023
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
The mentioned file that is missing is located upstream in https://github.com/miniupnp/miniupnp/tree/miniupnpd_2_3_1/miniupnpd/netfilter_nft/scripts
and the upstream configuration options that we think are missing to match vyos chains are https://github.com/miniupnp/miniupnp/blob/miniupnpd_2_3_1/miniupnpd/miniupnpd.conf#L77
Unknown Object (User) created T5835: UPnP port mapping / rule installation fails.