From 42f3ff6b009ec0bb98074381c484b49681ec1ec5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Le=20Bouter?=
Date: Mon, 21 Dec 2020 00:21:50 +0100
Subject: [PATCH] firewall: force source port for UPnP.
miniupnpc uses a random source port by default, the issue is that the firewall rule to allow destination port 1900 incoming is unused because the UPnP server will use the random source port as destination port in the reply which iptables will block. Forcing the source port to be 1900 will ensure the UPnP server also uses that as destination port in the reply and pass the firewall. python-miniupnpc 2.0 or later is required for this change to have any effect, it is otherwise silently ignored. A debian package upgrade is in the works for official Yunohost repos.
---
 src/yunohost/firewall.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/yunohost/firewall.py b/src/yunohost/firewall.py
index c17e958e7..dbf87a7b5 100644
--- a/src/yunohost/firewall.py
+++ b/src/yunohost/firewall.py
@@ -336,7 +336,7 @@ def firewall_upnp(action='status', no_refresh=False):
 # Refresh port mapping using UPnP
 if not no_refresh:
- upnpc = miniupnpc.UPnP()
+ upnpc = miniupnpc.UPnP(localport=1)
 upnpc.discoverdelay = 3000
 # Discover UPnP device(s)
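Review bot: `localport=1` on the `miniupnpc.UPnP(...)` line reads as "bind source port 1", while the commit message says the source port is forced to 1900. In miniupnpc the value 1 is the `UPNP_LOCAL_PORT_SAME` sentinel (use the SSDP port, 1900, as the local port), and nothing in the code says so. I would add a comment above the call, e.g. `# localport=1 is UPNP_LOCAL_PORT_SAME: send discovery from UDP 1900 so replies match the firewall rule for port 1900`. Since the description says older python-miniupnpc silently ignores the argument, a debug log line or a documented minimum version would make a still-failing discovery easier to diagnose. The body of firewall_upnp continues outside the hunk.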