It's probably for the best. The implementation of upnp and nat-pmp is frequently done incorrectly. Many implementations simply break the fw security or leak identifying information by enabling the feature. I once saw a case which opened port 0 everytime upnp was used. Not closed, or stealth, but open. Encouraging running a relay is all good, but doing it and not being able to account for implementations which introduce security problems is risky.

--leeroy

On 7/23/2015 at 2:26 PM, "Jacob Appelbaum" <jacob@appelbaum.net> wrote:

>> Also - does this mean that after many many years... that this new
>> version of tor-fw-helper be enabled by default at build time? Pretty
>> please? :-)
>
> Unlikely, AFAIK the general plan was to have it as a separate package.
>

That is really a major bummer if so - we should be shipping this code
and enabling it by default. If a user wants to run a relay, they
should only have to express that intent with a single button.

All the best,
Jake