diff --git a/Makefile b/Makefile
index 64d3907fe..108658c99 100644
--- a/Makefile
+++ b/Makefile
@@ -100,7 +100,6 @@ CORE_DEPENDS?= apinger \
isc-dhcp43-relay \
isc-dhcp43-server \
lighttpd \
- miniupnpd \
mpd5 \
ntp \
openssh-portable \
diff --git a/plist b/plist
index 1b05ac4a5..41dcc72b5 100644
--- a/plist
+++ b/plist
@@ -48,7 +48,6 @@
/usr/local/etc/inc/plugins.inc.d/if_legacy_opt.inc
/usr/local/etc/inc/plugins.inc.d/if_openvpn.inc
/usr/local/etc/inc/plugins.inc.d/ipfw.inc
-/usr/local/etc/inc/plugins.inc.d/miniupnpd.inc
/usr/local/etc/inc/plugins.inc.d/netflow.inc
/usr/local/etc/inc/plugins.inc.d/ntpd.inc
/usr/local/etc/inc/plugins.inc.d/pf.inc
@@ -464,8 +463,6 @@
/usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/Migrations/M1_0_0.php
/usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.php
/usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
-/usr/local/opnsense/mvc/app/models/OPNsense/UPnP/ACL/ACL.xml
-/usr/local/opnsense/mvc/app/models/OPNsense/UPnP/Menu/Menu.xml
/usr/local/opnsense/mvc/app/views/OPNsense/CaptivePortal/clients.volt
/usr/local/opnsense/mvc/app/views/OPNsense/CaptivePortal/index.volt
/usr/local/opnsense/mvc/app/views/OPNsense/CaptivePortal/vouchers.volt
@@ -1058,7 +1055,6 @@
/usr/local/www/services_unbound_domainoverride_edit.php
/usr/local/www/services_unbound_host_edit.php
/usr/local/www/services_unbound_overrides.php
-/usr/local/www/services_upnp.php
/usr/local/www/status_dhcp_leases.php
/usr/local/www/status_dhcpv6_leases.php
/usr/local/www/status_filter_reload.php
@@ -1072,7 +1068,6 @@
/usr/local/www/status_ntpd.php
/usr/local/www/status_openvpn.php
/usr/local/www/status_services.php
-/usr/local/www/status_upnp.php
/usr/local/www/status_wireless.php
/usr/local/www/system_advanced_admin.php
/usr/local/www/system_advanced_firewall.php
diff --git a/src/etc/inc/plugins.inc.d/miniupnpd.inc b/src/etc/inc/plugins.inc.d/miniupnpd.inc
deleted file mode 100644
index 2eade24ce..000000000
--- a/src/etc/inc/plugins.inc.d/miniupnpd.inc
+++ /dev/null
@@ -1,225 +0,0 @@
-registerAnchor('miniupnpd', 'rdr');
- $fw->registerAnchor('miniupnpd', 'fw');
-}
-
-function miniupnpd_services()
-{
- $services = array();
-
- if (!miniupnpd_enabled()) {
- return $services;
- }
-
- $pconfig = array();
- $pconfig['name'] = 'miniupnpd';
- $pconfig['description'] = gettext('Univeral Plug and Play');
- $pconfig['php']['restart'] = array('miniupnpd_stop', 'miniupnpd_start');
- $pconfig['php']['start'] = array('miniupnpd_start');
- $pconfig['php']['stop'] = array('miniupnpd_stop');
- $pconfig['pidfile'] = '/var/run/miniupnpd.pid';
- $services[] = $pconfig;
-
- return $services;
-}
-
-function miniupnpd_start()
-{
- if (!miniupnpd_enabled()) {
- return;
- }
-
- if (isvalidpid('/var/run/miniupnpd.pid')) {
- return;
- }
-
- mwexec_bg('/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -P /var/run/miniupnpd.pid');
-}
-
-function miniupnpd_stop()
-{
- killbypid('/var/run/miniupnpd.pid', 'TERM', true);
- mwexec('/sbin/pfctl -aminiupnpd -Fr 2>&1 >/dev/null');
- mwexec('/sbin/pfctl -aminiupnpd -Fn 2>&1 >/dev/null');
-}
-
-function miniupnpd_configure()
-{
- return array('miniupnpd_configure_do');
-}
-
-function miniupnpd_uuid()
-{
- /* md5 hash of wan mac */
- $uuid = md5(get_interface_mac(get_real_interface("wan")));
- /* put uuid in correct format 8-4-4-4-12 */
- return substr($uuid,0,8).'-'.substr($uuid,9,4).'-'.substr($uuid,13,4).'-'.substr($uuid,17,4).'-'.substr($uuid,21,12);
-}
-
-function miniupnpd_configure_do($verbose = false)
-{
- global $config;
-
- miniupnpd_stop();
-
- if (!miniupnpd_enabled()) {
- return;
- }
-
- if ($verbose) {
- echo 'Starting UPnP service...';
- flush();
- }
-
- $upnp_config = $config['installedpackages']['miniupnpd']['config'][0];
-
- $ext_ifname = get_real_interface($upnp_config['ext_iface']);
- if ($ext_ifname == $upnp_config['ext_iface']) {
- if ($verbose) {
- echo "failed.\n";
- }
- return;
- }
-
- $config_text = "ext_ifname={$ext_ifname}\n";
- $config_text .= "port=2189\n";
-
- $ifaces_active = '';
-
- /* since config is written before this file invoked we don't need to read post data */
- if (!empty($upnp_config['iface_array'])) {
- foreach(explode(',', $upnp_config['iface_array']) as $iface) {
- /* Setting the same internal and external interface is not allowed. */
- if ($iface == $upnp_config['ext_iface']) {
- continue;
- }
- $if = get_real_interface($iface);
- /* above function returns iface if fail */
- if ($if!=$iface) {
- $addr = find_interface_ip($if);
- $bits = find_interface_subnet($if);
- /* check that the interface has an ip address before adding parameters */
- if (is_ipaddr($addr)) {
- $config_text .= "listening_ip={$if}\n";
- if (!$ifaces_active) {
- $webgui_ip = $addr;
- $ifaces_active = $iface;
- } else {
- $ifaces_active .= ", {$iface}";
- }
- } else {
- log_error("miniupnpd: Interface {$iface} has no ip address, ignoring");
- }
- } else {
- log_error("miniupnpd: Could not resolve real interface for {$iface}");
- }
- }
-
- if (!empty($ifaces_active)) {
- /* override wan ip address, common for carp, etc */
- if (!empty($upnp_config['overridewanip'])) {
- $config_text .= "ext_ip={$upnp_config['overridewanip']}\n";
- }
- /* set upload and download bitrates */
- if (!empty($upnp_config['download']) && !empty($upnp_config['upload'])) {
- $download = $upnp_config['download']*1000;
- $upload = $upnp_config['upload']*1000;
- $config_text .= "bitrate_down={$download}\n";
- $config_text .= "bitrate_up={$upload}\n";
- }
-
- $config_text .= "secure_mode=yes\n";
-
- /* enable logging of packets handled by miniupnpd rules */
- if (!empty($upnp_config['logpackets'])) {
- $config_text .= "packet_log=yes\n";
- }
-
- /* enable system uptime instead of miniupnpd uptime */
- if (!empty($upnp_config['sysuptime'])) {
- $config_text .= "system_uptime=yes\n";
- }
-
- /* set webgui url */
- if (!empty($config['system']['webgui']['protocol'])) {
- $config_text .= "presentation_url={$config['system']['webgui']['protocol']}://{$webgui_ip}";
- if (!empty($config['system']['webgui']['port'])) {
- $config_text .= ":{$config['system']['webgui']['port']}";
- }
- $config_text .= "/\n";
- }
-
- /* set uuid and serial */
- $config_text .= "uuid=".miniupnpd_uuid()."\n";
- $config_text .= "serial=".strtoupper(substr(miniupnpd_uuid(),0,8))."\n";
-
- /* set model number */
- $config_text .= "model_number=".file_get_contents("/usr/local/opnsense/version/opnsense")."\n";
-
- /* upnp access restrictions */
- for ($i=1; $i<=4; $i++) {
- if ($upnp_config["permuser{$i}"]) {
- $config_text .= "{$upnp_config["permuser{$i}"]}\n";
- }
- }
-
- if (!empty($upnp_config['permdefault'])) {
- $config_text .= "deny 0-65535 0.0.0.0/0 0-65535\n";
- }
-
- /* Allow UPnP or NAT-PMP as requested */
- $config_text .= "enable_upnp=" . ( $upnp_config['enable_upnp'] ? "yes\n" : "no\n" );
- $config_text .= "enable_natpmp=" . ( $upnp_config['enable_natpmp'] ? "yes\n" : "no\n" );
-
- /* write out the configuration */
- file_put_contents('/var/etc/miniupnpd.conf', $config_text);
-
- log_error("miniupnpd: Starting service on interface: {$ifaces_active}");
- miniupnpd_start();
- }
- }
-
- if ($verbose) {
- echo "done.\n";
- }
-}
diff --git a/src/opnsense/mvc/app/models/OPNsense/UPnP/ACL/ACL.xml b/src/opnsense/mvc/app/models/OPNsense/UPnP/ACL/ACL.xml
deleted file mode 100644
index cc93dde4a..000000000
--- a/src/opnsense/mvc/app/models/OPNsense/UPnP/ACL/ACL.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
- Service: Universal Plug and Play
-
- services_upnp.php*
-
-
-
- Status: Universal Plug and Play
-
- status_upnp.php*
-
-
-
diff --git a/src/opnsense/mvc/app/models/OPNsense/UPnP/Menu/Menu.xml b/src/opnsense/mvc/app/models/OPNsense/UPnP/Menu/Menu.xml
deleted file mode 100644
index 0dfae6b0f..000000000
--- a/src/opnsense/mvc/app/models/OPNsense/UPnP/Menu/Menu.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-
diff --git a/src/www/services_upnp.php b/src/www/services_upnp.php
deleted file mode 100644
index 131a81037..000000000
--- a/src/www/services_upnp.php
+++ /dev/null
@@ -1,378 +0,0 @@
-
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("guiconfig.inc");
-require_once("interfaces.inc");
-require_once("services.inc");
-require_once("filter.inc");
-require_once("system.inc");
-require_once("plugins.inc.d/miniupnpd.inc");
-
-function upnp_validate_ip($ip) {
- /* validate cidr */
- $ip_array = array();
- $ip_array = explode('/', $ip);
- if (count($ip_array) == 2) {
- if ($ip_array[1] < 1 || $ip_array[1] > 32) {
- return false;
- }
- } elseif (count($ip_array) != 1) {
- return false;
- }
-
- /* validate ip */
- if (!is_ipaddr($ip_array[0])) {
- return false;
- }
- return true;
-}
-
-function upnp_validate_port($port) {
- foreach (explode('-', $port) as $sub) {
- if ($sub < 0 || $sub > 65535 || !is_numeric($sub)) {
- return false;
- }
- }
- return true;
-}
-
-if ($_SERVER['REQUEST_METHOD'] === 'GET') {
- $pconfig = array();
-
- $copy_fields = array('enable', 'enable_upnp', 'enable_natpmp', 'ext_iface', 'iface_array', 'download',
- 'upload', 'overridewanip', 'logpackets', 'sysuptime', 'permdefault', 'permuser1',
- 'permuser2', 'permuser3', 'permuser4');
-
- foreach ($copy_fields as $fieldname) {
- if (isset($config['installedpackages']['miniupnpd']['config'][0][$fieldname])) {
- $pconfig[$fieldname] = $config['installedpackages']['miniupnpd']['config'][0][$fieldname];
- }
- }
- // parse array
- $pconfig['iface_array'] = explode(',', $pconfig['iface_array']);
-} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
- $input_errors = array();
- $pconfig = $_POST;
-
- // validate form data
- if (!empty($pconfig['enable']) && (empty($pconfig['enable_upnp']) && empty($pconfig['enable_natpmp']))) {
- $input_errors[] = gettext('At least one of \'UPnP\' or \'NAT-PMP\' must be allowed');
- }
- if (!empty($pconfig['iface_array'])) {
- foreach($pconfig['iface_array'] as $iface) {
- if ($iface == 'wan') {
- $input_errors[] = gettext('It is a security risk to specify WAN as an internal interface.');
- } elseif ($iface == $pconfig['ext_iface']) {
- $input_errors[] = gettext('You cannot select the external interface as an internal interface.');
- }
- }
- } else {
- $input_errors[] = gettext('You must specify at least one internal interface.');
- }
- if (!empty($pconfig['overridewanip']) && !is_ipaddr($pconfig['overridewanip'])) {
- $input_errors[] = gettext('You must specify a valid ip address in the \'Override WAN address\' field');
- }
- if ((!empty($pconfig['download']) && empty($pconfig['upload'])) || (!empty($pconfig['upload']) && empty($pconfig['download']))) {
- $input_errors[] = gettext('You must fill in both \'Maximum Download Speed\' and \'Maximum Upload Speed\' fields');
- }
- if (!empty($pconfig['download']) && ($pconfig['download'] <= 0 || !is_numeric($pconfig['download']))) {
- $input_errors[] = gettext('You must specify a value greater than 0 in the \'Maximum Download Speed\' field');
- }
- if (!empty($pconfig['upload']) && ($pconfig['upload'] <= 0 || !is_numeric($pconfig['upload']))) {
- $input_errors[] = gettext('You must specify a value greater than 0 in the \'Maximum Upload Speed\' field');
- }
-
- /* user permissions validation */
- for($i=1; $i<=4; $i++) {
- if (!empty($pconfig["permuser{$i}"])) {
- $perm = explode(' ',$pconfig["permuser{$i}"]);
- /* should explode to 4 args */
- if (count($perm) != 4) {
- $input_errors[] = sprintf(gettext("You must follow the specified format in the 'User specified permissions %s' field"), $i);
- } else {
- /* must with allow or deny */
- if (!($perm[0] == 'allow' || $perm[0] == 'deny')) {
- $input_errors[] = sprintf(gettext("You must begin with allow or deny in the 'User specified permissions %s' field"), $i);
- }
- /* verify port or port range */
- if (!upnp_validate_port($perm[1]) || !upnp_validate_port($perm[3])) {
- $input_errors[] = sprintf(gettext("You must specify a port or port range between 0 and 65535 in the 'User specified permissions %s' field"), $i);
- }
- /* verify ip address */
- if (!upnp_validate_ip($perm[2])) {
- $input_errors[] = sprintf(gettext("You must specify a valid ip address in the 'User specified permissions %s' field"), $i);
- }
- }
- }
- }
-
- if (count($input_errors) == 0) {
- // save form data
- $upnp = array();
- // boolean types
- foreach (array('enable', 'enable_upnp', 'enable_natpmp', 'logpackets', 'sysuptime', 'permdefault') as $fieldname) {
- $upnp[$fieldname] = !empty($pconfig[$fieldname]);
- }
- // text field types
- foreach (array('ext_iface', 'download', 'upload', 'overridewanip', 'permuser1',
- 'permuser2', 'permuser3', 'permuser4') as $fieldname) {
- $upnp[$fieldname] = $pconfig[$fieldname];
- }
- // array types
- $upnp['iface_array'] = implode(',', $pconfig['iface_array']);
- // sync to config
- $config['installedpackages']['miniupnpd']['config'] = $upnp;
-
- write_config('Modified Universal Plug and Play settings');
- miniupnpd_configure_do();
- filter_configure();
- header(url_safe('Location: /services_upnp.php'));
- exit;
- }
-}
-
-
-$service_hook = 'miniupnpd';
-legacy_html_escape_form_data($pconfig);
-include("head.inc");
-?>
-
-
-
-
-
- 0) print_input_errors($input_errors); ?>
-
-
-
-
-
diff --git a/src/www/status_upnp.php b/src/www/status_upnp.php
deleted file mode 100644
index 19975583c..000000000
--- a/src/www/status_upnp.php
+++ /dev/null
@@ -1,117 +0,0 @@
-.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("guiconfig.inc");
-require_once("services.inc");
-require_once("interfaces.inc");
-require_once("plugins.inc.d/miniupnpd.inc");
-
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
- if (!empty($_POST['clear'])) {
- miniupnpd_stop();
- miniupnpd_start();
- header(url_safe('Location: /status_upnp.php'));
- exit;
- }
-}
-
-$rdr_entries = array();
-exec("/sbin/pfctl -aminiupnpd -sn", $rdr_entries, $pf_ret);
-
-$service_hook = 'miniupnpd';
-include("head.inc");
-?>
-
-
-
-
-