Limiting UPNP to one device

swemattias · Feb 8, 2022, 7:16 AM

UPNP is as stated in the documentation a security nightmare.
But it is so convenient... so I thought to use ACL for it.
If I deny every upnp request except this:
allow 1024-65535 10.1.1.70 1024-65535

That would limit my attack surface right?
That is my gamin console with a static ip.

behemyth · Feb 11, 2022, 5:21 PM

Yes, that would limit UPNP to only 10.1.1.70

swemattias · Feb 23, 2022, 7:35 PM

@behemyth Sorry for being back so "late" but it sure works!