UPnP - enable per device?


Occasional Visitor
I'm in the process of moving (back) from a homebrew pfsense router to an RT-AX86U with Asuswrt-Merlin (went the other way because my older RT-AC3200 didn't have the horsepower to do firewalling/filtering and still serve up my gigabit fiber connection at full speed... also for fun?).

So far the only thing I've come across that there isn't an equivalent of is allowing upnp access on a per-device basis. Is this possible in Asuswrt (or Asuswrt-merlin)?

FWIW in pfsense I can turn on UPnP, set the default behavior to deny port mapping capability, then add devices (mostly gaming consoles) to an access list that allows only those devices to utilize UPnP to set up port forwards.

PS. not trying to start a holy war between routing solutions
PPS. I searched the forums plenty and found nothing about the existence (or non existence) of this functionality


Part of the Furniture
You would have to use a upnp.postconf script to modify the router's auto-generated config (/etc/upnp/config).



Part of the Furniture
I had not considered this an option before, thanks @ColinTaylor !
Here's a more generic example than the one in the other thread:


source /usr/sbin/helper.sh

pc_delete "allow " $CONFIG      # Remove existing rule first

# Insert new rules in reverse order:
#                              external     allowed      internal
#                                 ports     clients      ports
pc_insert "max_lifetime" "allow 1-65535 1-65535" $CONFIG
pc_insert "max_lifetime" "allow 1-65535 1-65535" $CONFIG
pc_insert "max_lifetime" "allow 1-65535 1-65535" $CONFIG

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!