miniupnpd: update and fix nftables variant #19154
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tiagogaspar8
force-pushed
the
miniupnpd-nftables-fix
branch
2 times, most recently
from
9a738c3
to
59270bc
Compare
|
Ping @jow- |
stintel
reviewed
Aug 13, 2022
tiagogaspar8
force-pushed
the
miniupnpd-nftables-fix
branch
2 times, most recently
from
b4d1dee
to
66641e2
Compare
stangri
reviewed
Aug 16, 2022
Update the package to a commit that fixes an issue with removing PCP mappings from nftables. This also allows us to fix the nftables miniupnpd implementation on openwrt. In this new implementation, a table is created at the start of miniupnpd and it is dedicated to miniupnpd with a priority above the firewall4 table. This allows miniupnpd to go ahead of the drop rules of firewall4 and forward traffic as needed. There was the possibility of adding a chain inside the firewall4 table, but this would raise an issue where if firewall4 was reloaded the port forwardings would be lost and miniupnpd could be out of sync. When miniupnpd is stopped the table is deleted, taking the port forwardings with it. Some of this commit is based of msylgj's work, mainly the logic of the init/hotplug scripts and the makefile build parameters. Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org> Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
tiagogaspar8
force-pushed
the
miniupnpd-nftables-fix
branch
from
66641e2
to
bb278ef
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Update the package to a commit that fixes an issue with removing PCP
mappings from nftables.
This also allows us to fix the nftables miniupnpd implementation on
openwrt.
In this new implementation, a table is created at the start of miniupnpd
and it is dedicated to miniupnpd with a priority above the firewall4
table. This allows miniupnpd to go ahead of the drop rules of firewall4
and forward traffic as needed. There was the possibility of adding a
chain inside the firewall4 table, but this would raise an issue where
if firewall4 was reloaded the port forwardings would be lost and
miniupnpd could be out of sync. When miniupnpd is stopped the table is
deleted, taking the port forwardings with it.
Some of this commit is based of msylgj's work, mainly the logic of the
init/hotplug scripts and the makefile build parameters.
@stintel @BKPepe and @msylgj I'd love some feedback on this 😄
And testing also, might work for me but not others.
Signed-off-by: ZiMing Mo msylgj@immortalwrt.org
Signed-off-by: Tiago Gaspar tiagogaspar8@gmail.com
Maintainer: N/A
Compile tested: WRT3200ACM
Run tested: WRT3200ACM