I don’t feel that the use of UPnP to automatically create port forwarding rules on a router is a good idea.
When you use a router with NAT enabled and your LAN is assigned a private subnet (e.g. 192.168.0.x), the hosts are automatically protected from malicious access coming in from the Internet.
But if the router is UPnP aware and enables port forwarding when a virus that uses UPnP tells it to do so, you expose your LAN to security risks (e.g. backdoors).
In any case, if you want to make your ZeroShell firewall UPnP aware, you should install the linux-igd package (http://linux-igd.sourceforge.net/).
I don’t feel that the use of UPnP [..] on a router is a good idea. [..]
with the NAT enabled [..] hosts are automatically protected from malicious access incoming [..]
UPnP tells of doing it you expose your LAN to security risks [..]
ZeroShell firewall UPnP aware, you should install linux-igd package [..]
I thought you might say that. Anyone running this software should be knowledgeable enough to know how their implementation affects security.
If you had your firewall configured to “deny anything not permitted” (Corporate LAN) then UPnP might foil your security plan. Most service providers and home users run a “permit everything that is not excluded” type of firewall. This type of malware is usually able to traverse a NAT box. Anyway, just another opinion.
I had been looking at that package and am glad that you think it will work. Thanks.