Bug 27074

Summary:	upnpd (linux-idg) should [re]start after firewall
Product:	Gentoo Linux	Reporter:	Henry Yang <henryy>
Component:	[OLD] Server	Assignee:	John Mylchreest (RETIRED) <johnm>
Status:	RESOLVED NEEDINFO
Severity:	normal
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Henry Yang 2003-08-21 12:37:22 UTC

firewalls such as shorewall clears all chains after restart, putting upnpd into 
inconsistent state.

upnpd uses iptables to add DNAT entries.
upnpd should also start after any firewalls

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 John Mylchreest (RETIRED) gentoo-dev

2003-09-17 13:02:41 UTC

can i ask you to make the changes to /etc/init.d/upnpd.
in the depend() section can you add

after iptables

so it looks something like 

depend() {
 need net
 after iptables
}

and report back as to your findings.
im afraid i dont have the resources to test right now.
if this does the desired effect i shall commit changes

Comment 2 Maurice van der Pot (RETIRED) gentoo-dev

2004-10-29 11:13:19 UTC

No response in over a year. John, can you mark this RESOLVED/{NEEDINFO|TEST-REQUEST|FIXED} depending on what you want to do with it?

Comment 3 John Mylchreest (RETIRED) gentoo-dev

2004-12-01 11:30:59 UTC

Closing.

Comment 4 Chris Lee 2007-01-25 19:33:45 UTC

I can't say anything about other firewall scripts, but at least with shorewall you can configure shorewall itself to restart upnpd as needed:

add to /etc/shorewall/stop:
/etc/init.d/upnpd stop

add to /etc/shorewall/started:
/etc/init.d/upnp restart

It should be sufficient to start upnpd with 'start' but 'restart' works just fine here.

This has the added benefit that if you stop/start/reload/etc shorewall from commandline without using the init script then upnpd will also be restarted.