upnpd.conf(5) upnpd(8) configuration file




upnpd.conf contains the configuration details to do with run-time of upnpd(8). Configuration items related to starting the daemon such as interface names are defined, for Debian, in /etc/default/linux-igd.


The full path and name of the iptables executable, (enclosed in quotes).

Example: iptables_location = "/sbin/iptables"

Daemon debug level. Messages are logged via syslog to debug.

    0 - no debug messages
    1 - log errors
    2 - log errors and basic info
    3 - log errors and verbose info
    default = 0

Example: debug_mode = 2

Should the daemon create rules in the forward chain, or not. This is necessary if your firewall has a drop or reject policy in your forward chain.

    allowed values: yes,no
    default = no

Example: create_forward_rules = yes

Should the daemon insert or append rules in the forward chain. Normally you will want to insert rules at the beginning of the forward chain, so that they apply before any drop or reject rules later in the chain. This option only applies if "create_forward_rules = yes".

As an experiment, this setting now also affects the PREROUTING chain in the same way. If this causes you problems please let me (Debian maintainer) know through the BTS.

Tip: If you need to insert rules somewhere in the middle of the PREROUTING or FORWARD chains, instead of first or last, then you should create a new empty chain, e.g forwardUPnP, and set forward_chain_name to that chain. Then insert a rule to jump to forwardUPnP in the appropriate place in the PREROUTING or FORWARD chain. (The value of forward_rules_append probably won't matter much in that case.)

    allowed values: yes,no
    default = no

Example: forward_rules_append = no

The name of the chain to put the forward rules in. This option only applies if "create_forward_rules = yes".

    allowed values: a-z, A-Z, _, -
    default = FORWARD

Example: forward_chain_name = FORWARD

The name of the chain to put prerouting rules in.

    allowed values: a-z, A-Z, _, -
    default = PREROUTING

Example: prerouting_chain_name = PREROUTING

The internet line upstream bit rate reported from the daemon. Value in bits per second.

    default = 0

Example: upstream_bitrate = 512000

The internet line downstream bit rate reported from the daemon. Value in bits per second.

    default = 0

Example: downstream_bitrate = 512000

The default duration of port mappings, used when the client doesn't specify a duration. Can have the following values:

    0 - no default duration specified
    seconds | HH:MM - duration from the time of addition
    @seconds | @HH:MM - expire mapping at the specified time of day
    default = 0

Example: duration = 86400 # One day

The path to the xml documents. Do not include the trailing "/".

    default = /etc/linuxigd

Example: xml_document_path = /etc/linuxigd

The name of the igd device xml description document, underneath xml_document_path.

    default = gatedesc.xml

Example: description_document_name = gatedesc.xml

The UPnP port to listen on.

    default = 0 (first free UPnP port, starting with 49152).

Example: listenport = 0

Paranoid forwarding setting. Can have the following values:

    0 - allow internal hosts to forward to any other (internal) host.
    1-  only allow internal hosts to forward to themselves.
    default = 0

Example: paranoid = 1


This manual page was written by Nick Leverton <[email protected]> for the Debian GNU/Linux system (but may be used by others).