đŸ’Ÿ Archived View for tilde.pink â€ș ~ssb22 â€ș upnp.gmi captured on 2024-02-05 at 10:31:46. Gemini links have been rewritten to link to archived content

View Raw

More Information

âŹ…ïž Previous capture (2023-01-29)

-=-=-=-=-=-=-

UPnP router command-line control scripts

These scripts allow a UPnP-based home router to be controlled programmatically from a Unix or Linux box. They were tested on a “Sky Hub” in 2016/17 but usual disclaimers apply.

(If you have an older router with the widely-reported security problem of leaving its UPnP port open to the *outside*, I’d rather you switch off and don’t use UPnP. Thankfully such older routers usually provide a non-UPnP means of route configuration like the VMDG280. Services like GRC ShieldsUp might be able to show if your older router is incorrectly handling UPnP security. But some newer routers are configurable *only* via UPnP, and do handle its security correctly—the scripts on this page can be useful for those.)

Installation: Make sure you have Python and the miniupnpc library (sudo pip install miniupnpc or apt-get install python-miniupnpc). Unpack upnp.tgz into /usr/local/bin or wherever.

upnp.tgz

iptables -A INPUT ! -i lo+ -p tcp --syn ! -s 192.168.0.0/16 ! --dport 80 -j DROP

(remember to add it to startup scripts before ifup; the package iptables-persistent might help, or if all your local-only servers are run from inetd you can try putting commands in /etc/default/openbsd-inetd)

Routers might or might not persist the port-forwarding rules across a power cycle. For best results you might need to arrange for them to be re-done.

Legal

All material © Silas S. Brown unless otherwise stated. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Python is a trademark of the Python Software Foundation. Unix is a trademark of The Open Group. Wi-Fi is a trademark of the Wi-Fi Alliance. Any other trademarks I mentioned without realising are trademarks of their respective holders.