YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

firewall: force source port for UPnP.

Browse source 
miniupnpc uses a random source port by default, the issue is that the
firewall rule to allow destination port 1900 incoming is unused because
the UPnP server will use the random source port as destination port in
the reply which iptables will block. Forcing the source port to be 1900
will ensure the UPnP server also uses that as destination port in the
reply and pass the firewall.

python-miniupnpc 2.0 or later is required for this change to have any
effect, it is otherwise silently ignored. A debian package upgrade is in
the works for official Yunohost repos.
This commit is contained in:
Léo Le Bouter 2020-12-21 00:21:50 +01:00
parent 6c75aa0074
commit 42f3ff6b00
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/yunohost/firewall.py
View file

@ -336,7 +336,7 @@ def firewall_upnp(action='status', no_refresh=False):
# Refresh port mapping using UPnP
if not no_refresh:
upnpc = miniupnpc.UPnP()
upnpc = miniupnpc.UPnP(localport=1)
upnpc.discoverdelay = 3000
# Discover UPnP device(s)