igmpproxy: drop SSDP packets

It is insecure to let this type of packets inside They can e.g. open ports on some other routers with UPnP, etc Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com> (backported from c128371124)
2024-06-13 18:53:52 +02:00 · 2018-07-28 17:48:42 +03:00 · 2018-07-28 17:48:42 +03:00 · eb7ab27336
commit eb7ab27336
parent f1b086bf0f
2 changed files with 13 additions and 1 deletions
--- a/package/network/services/igmpproxy/Makefile
+++ b/package/network/services/igmpproxy/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=igmpproxy
 PKG_VERSION:=0.2.1
-PKG_RELEASE:=3
+PKG_RELEASE:=4

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/pali/igmpproxy/releases/download/${PKG_VERSION}/
--- a/package/network/services/igmpproxy/files/igmpproxy.init
+++ b/package/network/services/igmpproxy/files/igmpproxy.init
@ -68,6 +68,18 @@ igmp_add_firewall_routing() {

 	[[ "$direction" = "downstream" && ! -z "$zone" ]] || return 0

+# First drop SSDP packets then accept all other multicast
+
+	json_add_object ""
+	json_add_string type rule
+	json_add_string src "$upstream"
+	json_add_string dest "$zone"
+	json_add_string family ipv4
+	json_add_string proto udp
+	json_add_string dest_ip "239.255.255.250"
+	json_add_string target DROP
+	json_close_object
+
 	json_add_object ""
 	json_add_string type rule
 	json_add_string src "$upstream"