This site is currently in read-only mode during migration to a new platform.
You cannot post questions, answers or comments, as they would be lost during the migration otherwise.
0 votes

Hey all,

I'm planning on using UPNP to allow p2p connections for multiplayer. I'd like to make sure I'm following good security practices, so I have the following questions.

Should I minimize the time that ports spend "forwarded"? Or is it okay to leave a port "forwarded" to the current device, and assume that the next device that needs to use that port will override it?

Also, it seems as if many routers now ship with UPNP off for security reasons, and that there are other ways (NAT hole-punching) of automatically establishing a p2p connection between two devices that are both behind routers. Should I consider using something other than UPNP, and if so, how would that be implemented in godot?

in Engine by (174 points)

If the users already enabled UPNP in their network(router), you don't need worry much about their security. UPNP is made to be insecure, it is a way to perform port-forwarding via request from devices. Even if your program removes port mapping after its done, some other program can perform port mapping via UDP too. Although (I think) it is always a good idea to try to be more secure, so my answer to first part of your question would be clean up your port mappings as best as you can, but keep in mind that you can't always do that (crashes, power losses etc.) and another program can use UPNP just like your program. I can't answer the second part since I don't know much about NAT punching stuff.

Please log in or register to answer this question.

Welcome to Godot Engine Q&A, where you can ask questions and receive answers from other members of the community.

Please make sure to read Frequently asked questions and How to use this Q&A? before posting your first questions.
Social login is currently unavailable. If you've previously logged in with a Facebook or GitHub account, use the I forgot my password link in the login box to set a password for your account. If you still can't access your account, send an email to [email protected] with your username.