# LAN network interfaces IPs / networks
# there can be multiple listening ips for SSDP traffic.
# should be under the form nnn.nnn.nnn.nnn/nn
# HTTP is available on all interfaces
# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
#port=0

# chain names for netfilter (not used for pf or ipf).
#  (Don't change these, otherwise you'll have to change some iptables code)
upnp_forward_chain=UPNPFW
upnp_nat_chain=UPNPFW

# bitrates reported by daemon in bits per second

# enable NAT-PMP support (default is no)
#  (I use NAT-PMP and UPNP, enable what you would like to use.)
enable_natpmp=yes

# enable UPNP support (default is yes)
#  (I use NAT-PMP and UPNP, enable what you would like to use.)
enable_upnp=yes

# "secure" mode : when enabled, UPnP client are allowed to add mappings only
# to their IP.
#  (I've always left this alone)
secure_mode=no

# report system uptime instead of daemon uptime
system_uptime=yes

# notify interval in seconds. default is 30 seconds.
notify_interval=60

# unused rules cleaning.
# never remove any rule before this threshold for the number
# of redirections is exceeded. default to 20
#clean_ruleset_threshold=10
# clean process work interval in seconds. default to 0 (disabled).
# a 600 seconds (10 minutes) interval makes sense
clean_ruleset_interval=600

# serial and model number the daemon will report to clients
# in its XML description
serial=12345678
model_number=1

# UPnP permission rules
# (allow|deny) (external port range) ip/mask (internal port range)
# A port range is <min port>-<max port> or <port> if there is only
# one port in the range.
# ip/mask format must be nn.nn.nn.nn/nn
# it is advised to only allow redirection of port above 1024
# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
#allow 0-65535 0.0.0.0/0 0-65535
#  (You need to allow clients access.  In my case I have one system I'm denying
#   access and then allowing everyone else)
deny 0-65535 172.16.87.30/32 0-65535
allow 1024-65535 172.16.87.0/24 1024-65535