Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net/upnp: enable STUN and allow LAN subnet override #3096
net/upnp: enable STUN and allow LAN subnet override #3096
Changes from 13 commits
e3276cb
456a42d
4243bbd
c414ec2
fa42e04
e9b29e0
8dd38cb
eb1a6f8
63d0e1c
dc4f0f0
a7c3027
2ce0756
9292127
8e6e8ac
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's probably safer to validate for subnet mask and add the "/" in the configuration. /32 is basically the default like when we omit the override?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The default ends up being the subnet of the interface rather than simply /32 afaik - not sure how to "validate" the subnet mask in this case to be honest and there may be a better way of writing this entirely.
To give context for this option - in our case, OPNsense is 10.10.0.2 behind a L3 switch on 10.10.0.1, and we have VLANs 10.40.0.0/22 and 10.50.0.0/22 routed via the switch, we simply override the miniupnpd config in OPNsense to be
igb0/8
so it responds to requests coming in from the entire 10.0.0.0/8 space. It's pretty dirty but I'm not sure what we can validate subnet masks against in this case? Or do you mean just run it through the is_subnet function?