From aca5806b401093ea609675d7359f8a7717ef8a4d Mon Sep 17 00:00:00 2001
From: Taylor Helsper <tehelsper@gmail.com>
Date: Sun, 14 Feb 2021 11:58:14 -0600
Subject: [PATCH] Improve UPNP firewall rules

---
 rootfs/standard/usr/bin/mynode_firewall.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/rootfs/standard/usr/bin/mynode_firewall.sh b/rootfs/standard/usr/bin/mynode_firewall.sh
index 0bd79842..080628c9 100755
--- a/rootfs/standard/usr/bin/mynode_firewall.sh
+++ b/rootfs/standard/usr/bin/mynode_firewall.sh
@@ -16,6 +16,9 @@ ufw allow 22    comment 'allow SSH'
 ufw allow 80    comment 'allow WWW'
 ufw allow 443   comment 'allow Secure WWW'
 ufw allow 1900  comment 'allow SSDP for UPnP discovery'
+ufw allow from 10.0.0.0/8 port 1900 to any      comment 'allow UPnP from router'
+ufw allow from 192.168.0.0/16 port 1900 to any  comment 'allow UPnP from router'
+ufw allow from 172.16.0.0/12 port 1900 to any   comment 'allow UPnP from router'
 ufw allow 10009 comment 'allow Lightning gRPC'
 ufw allow 10080 comment 'allow Lightning REST RPC'
 ufw allow 9735  comment 'allow Lightning'