yes, @aidan-gibson, there are no plans to entertain shit-talkers with a single task and no contributions

Wow...honestly no words

you are not from the community @simplysoft
it's time to depart from here

In T5835#188048, @aidan-gibson wrote:

I guess the fate of upnp has already been decided https://vyos.dev/rVYOSONEX7c438caa2c21101cbefc2eec21935ab55af19c46
RIP

I guess the fate of upnp has already been decided https://vyos.dev/rVYOSONEX7c438caa2c21101cbefc2eec21935ab55af19c46
RIP

@jestabro Thanks for the detailed explanation. If I'd been a proper tester I should have just rebooted it a second time! I think the current solution is fine as long as it's mentioned in release/upgrade notes somewhere. It really is only a performance tweak, it doesn't impact functionality. Thanks again.

@tjh in fact, this was a design decision, discussed with @Viacheslav at the time, and agreed upon, although neither of us are fully satisfied with the decision (and I'll let him amend these claims, if needed):

I could argue with additional upnp use cases, but that doesn't seem useful here. It seems the only solution that isn't cringe is outlined here:

thanks for your effort in any case @florin
"A journey of a thousand miles begins with a single step"

seems rather useless now :)

I'm just using this for my home lab :) - that's a great suggestion @Rain I shall use that!

Since the --vyos-mirror string is copied directly, you can simply prepend it with [trusted=yes]; a new flag isn't really necessary:

In T5835#187927, @syncer wrote:

I fail to comprehend how a firewall that autonomously opens ports via calls from internal networks is appropriate for an enterprise.
Indeed there are some use cases but this functionality can be used by malicious code and allow bypass security configuration that is enforced otherwise

In T5835#187927, @syncer wrote:

I fail to comprehend how a firewall that autonomously opens ports via calls from internal networks is appropriate for an enterprise.
Indeed there are some use cases but this functionality can be used by malicious code and allow bypass security configuration that is enforced otherwise

https://github.com/net-snmp/net-snmp/issues/786

Implementation never worked

In T5835#187967, @dmbaturin wrote:

If you are really that curious, I can attach a screenshot.

If someone wants, I can probably unearth my patches to 1.4 and miniupnpd to make it all work. It was technically functional and worked as expected. I just don't have the time or patience to deal with getting it merged/integrated back into the project.

Out of curiosity, will the details of the poll be public or the results being shared transparently?

In T5835#187963, @dylanneild wrote:

A bunch to unpack here.
[...]

In T5835#187938, @syncer wrote:

Created a poll for maintainers on this topic, and we will go with the decision made.

A bunch to unpack here.

Related https://vyos.dev/T921

More info related to PowerDNS DNSdist: https://powerdns.org/dnsdist-md/dnsdist-diagrams.md.html

In T5835#187937, @syncer wrote:

go learn how cheap cameras open firewalls via UPnP and make them available on the internet without people being aware of that

or how malware exfiltrates data via port 443 because enterprises can't reliably block outbound traffic on that port.

In T5835#187935, @Viacheslav wrote:

If you know how to test it will be great to test it. If no one needs it even for tests, what are we talking about?