Merge "[rdkb][common][app][Fix miniupnpd service start fail]"
diff --git a/recipes-connectivity/miniupnpd/files/miniupnpd-filogic.conf b/recipes-connectivity/miniupnpd/files/miniupnpd-filogic.conf
new file mode 100644
index 0000000..cb6d38a
--- /dev/null
+++ b/recipes-connectivity/miniupnpd/files/miniupnpd-filogic.conf
@@ -0,0 +1,175 @@
+# WAN network interface
+ext_ifname=erouter0
+#ext_ifname=xl1
+# if the WAN network interface for IPv6 is different than for IPv4,
+# set ext_ifname6
+#ext_ifname6=eth2
+# If the WAN interface has several IP addresses, you
+# can specify the one to use below
+#ext_ip=
+# WAN interface must have public IP address. Otherwise it is behind NAT
+# and port forwarding is impossible. In some cases WAN interface can be
+# behind unrestricted NAT 1:1 when all incoming traffic is NAT-ed and
+# routed to WAN interfaces without any filtering. In this cases miniupnpd
+# needs to know public IP address and it can be learnt by asking external
+# server via STUN protocol. Following option enable retrieving external
+# public IP address from STUN server and detection of NAT type. You need
+# to specify also external STUN server in stun_host option below.
+# This option is disabled by default.
+#ext_perform_stun=yes
+# Specify STUN server, either hostname or IP address
+# Some public STUN servers:
+#  stun.stunprotocol.org
+#  stun.sipgate.net
+#  stun.xten.com
+#  stun.l.google.com (on non standard port 19302)
+#ext_stun_host=stun.stunprotocol.org
+# Specify STUN UDP port, by default it is standard port 3478.
+#ext_stun_port=3478
+
+# LAN network interfaces IPs / networks
+# There can be multiple listening IPs for SSDP traffic, in that case
+# use multiple 'listening_ip=...' lines, one for each network interface.
+# It can be IP address or network interface name (ie. "eth0")
+# It is mandatory to use the network interface name in order to enable IPv6
+# HTTP is available on all interfaces.
+# When MULTIPLE_EXTERNAL_IP is enabled, the external IP
+# address associated with the subnet follows. For example:
+#  listening_ip=192.168.0.1/24 88.22.44.13
+#listening_ip=192.168.0.1/24
+#listening_ip=10.5.0.0/16
+listening_ip=brlan0
+# CAUTION: mixing up WAN and LAN interfaces may introduce security risks!
+# Be sure to assign the correct interfaces to LAN and WAN and consider
+# implementing UPnP permission rules at the bottom of this configuration file
+
+# Port for HTTP (descriptions and SOAP) traffic. Set to 0 for autoselect.
+#http_port=0
+# Port for HTTPS. Set to 0 for autoselect (default)
+#https_port=0
+
+# Path to the UNIX socket used to communicate with MiniSSDPd
+# If running, MiniSSDPd will manage M-SEARCH answering.
+# default is /var/run/minissdpd.sock
+#minissdpdsocket=/var/run/minissdpd.sock
+
+# Enable NAT-PMP support (default is no)
+#enable_natpmp=yes
+
+# Enable UPNP support (default is yes)
+#enable_upnp=no
+
+# PCP
+# Configure the minimum and maximum lifetime of a port mapping in seconds
+# 120s and 86400s (24h) are suggested values from PCP-base
+#min_lifetime=120
+#max_lifetime=86400
+
+# Chain names for netfilter (not used for pf or ipf).
+# default is MINIUPNPD for both
+#upnp_forward_chain=forwardUPnP
+#upnp_nat_chain=UPnP
+#upnp_nat_postrouting_chain=UPnP-Postrouting
+
+# Lease file location
+#lease_file=/var/log/upnp.leases
+
+# To enable the next few runtime options, see compile time
+# ENABLE_MANUFACTURER_INFO_CONFIGURATION (config.h)
+
+# Name of this service, default is "`uname -s` router"
+#friendly_name=MiniUPnPd router
+
+# Manufacturer name, default is "`uname -s`"
+#manufacturer_name=Manufacturer corp
+
+# Manufacturer URL, default is URL of OS vendor
+#manufacturer_url=http://miniupnp.free.fr/
+
+# Model name, default is "`uname -s` router"
+#model_name=Router Model
+
+# Model description, default is "`uname -s` router"
+#model_description=Very Secure Router - Model
+
+# Model URL, default is URL of OS vendor
+#model_url=http://miniupnp.free.fr/
+
+# Bitrates reported by daemon in bits per second
+# by default miniupnpd tries to get WAN interface speed
+#bitrate_up=1000000
+#bitrate_down=10000000
+
+# Secure Mode, UPnP clients can only add mappings to their own IP
+#secure_mode=yes
+secure_mode=no
+
+# Default presentation URL is HTTP address on port 80
+# If set to an empty string, no presentationURL element will appear
+# in the XML description of the device, which prevents MS Windows
+# from displaying an icon in the "Network Connections" panel.
+#presentation_url=http://www.mylan/index.php
+
+# Report system uptime instead of daemon uptime
+system_uptime=yes
+
+# Notify interval in seconds. default is 30 seconds.
+#notify_interval=240
+notify_interval=60
+
+# Unused rules cleaning.
+# never remove any rule before this threshold for the number
+# of redirections is exceeded. default to 20
+#clean_ruleset_threshold=10
+# Clean process work interval in seconds. default to 0 (disabled).
+# a 600 seconds (10 minutes) interval makes sense
+clean_ruleset_interval=600
+
+# Log packets in pf (default is no)
+#packet_log=no
+
+# Anchor name in pf (default is miniupnpd)
+#anchor=miniupnpd
+
+# ALTQ queue in pf
+# Filter rules must be used for this to be used.
+# compile with PF_ENABLE_FILTER_RULES (see config.h file)
+#queue=queue_name1
+
+# Tag name in pf
+#tag=tag_name1
+
+# Make filter rules in pf quick or not. default is yes
+# active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)
+#quickrules=no
+
+# UUID, generate your own UUID with "make genuuid"
+uuid=2276cf5c-2d99-4bc0-97ab-46e7dfc4e20c
+
+# Daemon's serial and model number when reporting to clients
+# (in XML description)
+#serial=12345678
+#model_number=1
+
+# If compiled with IGD_V2 defined, force reporting IGDv1 in rootDesc (default
+# is no)
+#force_igd_desc_v1=no
+
+# UPnP permission rules
+# (allow|deny) (external port range) IP/mask (internal port range)
+# A port range is <min port>-<max port> or <port> if there is only
+# one port in the range.
+# IP/mask format must be nnn.nnn.nnn.nnn/nn
+# It is advised to only allow redirection of port >= 1024
+# and end the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
+# The following default ruleset allows specific LAN side IP addresses
+# to request only ephemeral ports. It is recommended that users
+# modify the IP ranges to match their own internal networks, and
+# also consider implementing network-specific restrictions
+# CAUTION: failure to enforce any rules may permit insecure requests to be made!
+allow 1024-65535 192.168.0.0/24 1024-65535
+allow 1024-65535 192.168.1.0/24 1024-65535
+allow 1024-65535 10.0.0.1/24 1024-65535
+allow 1024-65535 192.168.0.0/23 22
+allow 12345 192.168.7.113/32 54321
+deny 0-65535 0.0.0.0/0 0-65535
diff --git a/recipes-connectivity/miniupnpd/miniupnpd_%.bbappend b/recipes-connectivity/miniupnpd/miniupnpd_%.bbappend
new file mode 100644
index 0000000..9f9a8be
--- /dev/null
+++ b/recipes-connectivity/miniupnpd/miniupnpd_%.bbappend
@@ -0,0 +1,10 @@
+FILESEXTRAPATHS_append := "${THISDIR}/files:"
+
+SRC_URI_append += "file://miniupnpd-filogic.conf \
+        "
+
+do_install_append() {
+    sed -i "s/After=network.target/After=network.target init-Lanbridge.service/g" ${D}${systemd_unitdir}/system/miniupnpd.service
+    install -m 0644 ${WORKDIR}/miniupnpd-filogic.conf ${D}/${sysconfdir}/${BPN}/miniupnpd.conf
+}
+