holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Remove outdated information from the UPnP doc.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-04-17 08:51:11 -07:00
parent a1a78cf09b
commit a620aa22f9
1 changed files with 8 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
docs/UPnP.xml
View File

@ -64,16 +64,6 @@
UPnP<emphasis> </emphasis> <emphasis role="bold">AT YOUR OWN UPnP<emphasis> </emphasis> <emphasis role="bold">AT YOUR OWN
RISK.</emphasis></para> RISK.</emphasis></para>
</warning> </warning>
<warning>
<para>The linux-igd project was inactive for a long time and has just
been resurrected. I haven't tried to build using the current code (as of
2006-07-22) but the last time I did, I found that building and
installing linux-igd was not for the faint of heart. You must download
the source from CVS and I had to do quite a bit of fiddling with the
include files from libupnp (which is required to build and/or run
linux-igd).</para>
</warning>
</section> </section>
<section id="linux-igd"> <section id="linux-igd">
@ -98,25 +88,6 @@ forward_chain_name = forwardUPnP</programlisting>
net eth1 detect dhcp,routefilter,tcpflags,<emphasis net eth1 detect dhcp,routefilter,tcpflags,<emphasis
role="bold">upnp</emphasis></programlisting> role="bold">upnp</emphasis></programlisting>
<para>If your fw-&gt;loc policy is not ACCEPT then you need this
rule:</para>
<programlisting>#ACTION SOURCE DEST
allowoutUPnP $FW loc</programlisting>
<note>
<para>To use 'allowoutUPnP', your iptables and kernel must support the
'owner match' feature (see the output of "shorewall show capabilities")
and you may not be running kernel version 2.6.14 or later. If you are
running 2.6.14 or later, then replace the above rule with:</para>
</note>
<blockquote>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL RATE USER/
# PORT(S) DESTINATION LIMIT GROUP
ACCEPT $FW loc all - - - - root</programlisting>
</blockquote>
<para>If your loc-&gt;fw policy is not ACCEPT then you need this <para>If your loc-&gt;fw policy is not ACCEPT then you need this
rule:</para> rule:</para>
@ -143,15 +114,19 @@ forwardUPnP net loc</programlisting>
<title>Shorewall on a UPnP Client</title> <title>Shorewall on a UPnP Client</title>
<para>It is sometimes desirable to run UPnP-enabled client programs like <para>It is sometimes desirable to run UPnP-enabled client programs like
Transmission (BitTorrent client) on a Shorewall-protected system. <ulink url="http://www.transmissionbt.com/">Transmission</ulink>
Shorewall provides support for UPnP client access in the form of the (BitTorrent client) on a Shorewall-protected system. Shorewall provides
<emphasis role="bold">upnpclient</emphasis> option in <ulink support for UPnP client access in the form of the <emphasis
role="bold">upnpclient</emphasis> option in <ulink
url="manpages/shorewall-interfaces.html">shorewall-interfaces</ulink> url="manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
(5).</para> (5).</para>
<para>The <emphasis role="bold">upnpclient</emphasis> option causes <para>The <emphasis role="bold">upnpclient</emphasis> option causes
Shorewall to detect the default gateway through the interface and to Shorewall to detect the default gateway through the interface and to
accept UDP packets from that gateway. Note that, like all aspects of UPnP, accept UDP packets from that gateway. Note that, like all aspects of UPnP,
this is a security hole so use this option at your own risk. </para> this is a security hole so use this option at your own risk.</para>
<para>Note that when multiple clients behind the firewall use UPnP, they
must configure their applications to use unique ports.</para>
</section> </section>
</article> </article>