From 62a04130745f5eade7aab277e8fdb38a78aeb173 Mon Sep 17 00:00:00 2001
From: Guillaume Dedrie <guillaume.dedrie@gmail.com>
Date: Wed, 27 Dec 2023 14:47:01 +0100
Subject: [PATCH] feat(firewall): allow UPnP in output

---
 files/etc_nftables.conf.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/files/etc_nftables.conf.j2 b/files/etc_nftables.conf.j2
index fe8f94f..9ff6ef7 100644
--- a/files/etc_nftables.conf.j2
+++ b/files/etc_nftables.conf.j2
@@ -65,6 +65,9 @@ table inet firewall {
         ip daddr 224.0.0.251 udp dport 5353 counter accept comment "Accept mDNS on local networks"
         ip6 daddr ff02::fb udp dport 5353 accept comment "Accept mDNS"
 
+        # UPnP
+        ip daddr 239.255.255.250 udp dport 1900 counter accept comment "Accept UPnP"
+
         log prefix "[nftables] Output Denied: " counter reject
     }