Package: miniupnpd-nftables
Version: 2.3.7-1
Followup-For: Bug #1066874

Hello,

I now present for consideration my modified versions of nft_init.sh,
nft_removeall.sh, and miniupnpd_functions.sh.  They hope to resolve #1066874
(and #1090753) by allowing users to nominate a different table to use in
miniupnpd.conf, and never dropping traffic from within its chains.

The other problem they fix is that the tables/chains miniupnpd uses are
defined in miniupnpd.conf, whereas currently nft_init.sh always uses the
tables/chains named in miniupnpd_functions.sh. Thus changing the actual
tables/chains used would have required changes in two places.

Until nftnlrdr_misc.c gets better defaults, I recommend the following in
miniupnpd.conf:

    upnp_table_name=miniupnpd
    upnp_nat_table_name=miniupnpd
    upnp_forward_chain=forward
    upnp_nat_chain=prerouting
    upnp_nat_postrouting_chain=postrouting

Changing the table names is important, IMO, to avoid clobbering rules
defined elsewhere.

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 
'oldstable-security'), (500, 'testing'), (500, 'oldstable'), (490, 
'stable-debug'), (490, 'stable'), (400, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages miniupnpd-nftables depends on:
ii  libc6       2.40-6
ii  libmnl0     1.0.5-3
ii  libnftnl11  1.2.8-1
ii  miniupnpd   2.3.7-1

miniupnpd-nftables recommends no packages.

miniupnpd-nftables suggests no packages.

-- no debconf information

Attachment: nft_init.sh
Description: Bourne shell script

Attachment: nft_removeall.sh
Description: Bourne shell script

Attachment: miniupnpd_functions.sh
Description: Bourne shell script
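
The approach described in the message above, sketched as an added example (it is not one of the attached scripts and not code from the miniupnpd project): read the five names from miniupnpd.conf so they are defined in one place, reject values that are not plain identifiers, and print a ruleset for a dedicated table whose chains use policy accept. Assumptions: the `inet` family, creating the named chains as base chains, the fallback names (taken from the recommendation in the message), and the hypothetical helpers `conf_get`, `valid_name`, `render_ruleset` and `sample_conf`.

```shell
#!/bin/sh
# Added example, not the attached nft_init.sh. Fallback names are the values
# recommended in the message; the "inet" family is an assumption.

# conf_get FILE KEY FALLBACK: last uncommented KEY=value in FILE, else FALLBACK.
conf_get() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" \
        "$1" 2>/dev/null | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# valid_name NAME: identifier-like names only, so a config value cannot
# smuggle extra nft statements into the generated ruleset.
valid_name() {
    case $1 in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# render_ruleset FILE: print a ruleset whose base chains all use policy accept.
render_ruleset() {
    table=$(conf_get "$1" upnp_table_name miniupnpd)
    nat_table=$(conf_get "$1" upnp_nat_table_name miniupnpd)
    fwd=$(conf_get "$1" upnp_forward_chain forward)
    pre=$(conf_get "$1" upnp_nat_chain prerouting)
    post=$(conf_get "$1" upnp_nat_postrouting_chain postrouting)
    for n in "$table" "$nat_table" "$fwd" "$pre" "$post"; do
        valid_name "$n" || { echo "invalid name in $1: $n" >&2; return 1; }
    done
    cat <<EOF
table inet $table {
	chain $fwd { type filter hook forward priority filter; policy accept; }
}
table inet $nat_table {
	chain $pre { type nat hook prerouting priority dstnat; policy accept; }
	chain $post { type nat hook postrouting priority srcnat; policy accept; }
}
EOF
}

# Constructed sample configuration (not a real system's file).
sample_conf() {
    printf '%s\n' '#upnp_table_name=filter' 'upnp_table_name=miniupnpd' \
        'upnp_nat_table_name=miniupnpd' 'upnp_forward_chain=forward  # filter hook' \
        'upnp_nat_chain=prerouting' 'upnp_nat_postrouting_chain=postrouting'
}

conf=$(mktemp) && sample_conf > "$conf" && render_ruleset "$conf"
rm -f "$conf"
```

The printed ruleset can be syntax-checked without loading it by piping it to `nft -c -f -`.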
