> Unfortunately, disabling uPnP these days is too much of a hit to convenience, so I looked for other solutions.
Don't do this. There is no good reason to run UPnP if you care about security; turn it off and learn to manage a firewall.
If the author really cares, go one step further and replace the ISP-owned router with something with more control.
Finally, if one cares about the software one's NAS runs, build or buy from someone like TrueNAS.
I also found this weird, and this got me to check if it was enabled on my business firewall devices: turns out they don't even support UPnP. Is it just consumer routers that support it nowadays? Shouldn't that feature just be nuked?
EDIT: Well, it sounds like a feature for pro users that know what they are doing and control all devices on the network. Even then, security appliances (e.g. from SonicWall) don't support it. I don't know, this is probably a niche feature for a few occasions.
Far from only a feature for pro users. Notably, it is a must for VoIP (without going through a relay) and BitTorrent when you don't want to manually configure a firewall. (It allows creating holes in a controlled way for a NATted network.)
Without UPnP, you specifically have to configure your NAT for this...
> Notably, it is a must for VoIP
Wouldn't making STUN work be a better alternative?
Yes, it’s a feature supported by many VoIP clients, and this comments section is filled with UPnP apologists.
As I said, "without going through a relay".
And TURN is one of those relays.
(I host a STUN and TURN relay myself, because I had to for my personal VoIP server for enough people to be able to connect on it. Downside is more use of bandwidth.)
Edit: replaced STUN with TURN where appropriate; I did confuse both, as they were provided as a single package.
What STUN relay software do you use, or is it a hardware device?