Stallone runs on devices that perform Network Address Translation (NAT), allowing machines on private networks to request that TCP and UDP ports be forwarded to them. The protocol used is the NAT Port Mapping Protocol (NAT-PMP), which was originally implemented in Apple's AirPort devices.

It is currently written for Linux machines using iptables but can easily be modified to work with other routing/firewalling mechanisms.


The latest release is version 0.4.0, released on 2010-12-23. Download Stallone 0.4.0.

To be notified when a new release is available, subscribe to the releases feed.

Using Stallone

You can read the manual (manpage) by running man stallone, but basically you just run Stallone on your network gateway (NAT machine) with the -D flag to run it in the background:

stallone -D

Log messages will be sent to syslog (usually /var/log/syslog or /var/log/messages). Alternatively, you can run Stallone in the foreground and have log messages printed to the screen by running it without -D:

stallone

You can find the Stallone source on GitHub.


Stallone is serious about security. That's why it runs as two processes: a main process that runs unprivileged and chroot()ed, and a small root helper process that adjusts firewall rules. The root helper (worker) process drops all unnecessary capabilities, retaining only CAP_NET_ADMIN. It restricts forwarded ports to a small range and adds its forwarding rules in its own chain, after all other iptables rules, so that it does not get in the way of existing configuration.
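
One way to apply that split to a NAT-PMP mapping request: the unprivileged side decodes the packet, and the root helper checks the fields again itself before any rule is built. This C code is an added example, not Stallone's own source. The wire layout and result codes follow RFC 6886; the function names, the struct and the 49152-49407 port range are assumptions, since the page does not state the range Stallone allows.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* NAT-PMP result codes from RFC 6886. */
enum { PMP_OK = 0, PMP_BAD_VERSION = 1, PMP_BAD_OPCODE = 5 };

/* Assumed policy range; the page does not say which ports Stallone allows. */
#define PORT_MIN 49152u
#define PORT_MAX 49407u

struct map_req {
    uint8_t  proto;     /* NAT-PMP opcode: 1 = UDP, 2 = TCP */
    uint16_t int_port;  /* port on the requesting private host */
    uint16_t ext_port;  /* suggested port on the gateway */
    uint32_t lifetime;  /* seconds */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Unprivileged side: decode the 12-byte request; -1 means wrong length. */
int parse_map_request(const uint8_t *buf, size_t len, struct map_req *out)
{
    if (len != 12) return -1;
    if (buf[0] != 0) return PMP_BAD_VERSION;
    if (buf[1] != 1 && buf[1] != 2) return PMP_BAD_OPCODE;
    out->proto = buf[1];                 /* bytes 2-3 are reserved */
    out->int_port = be16(buf + 4);
    out->ext_port = be16(buf + 6);
    out->lifetime = ((uint32_t)be16(buf + 8) << 16) | be16(buf + 10);
    return PMP_OK;
}

/* Root helper side: re-check every field itself; returns 1 if allowed. */
int helper_allows(const struct map_req *r)
{
    if (r->proto != 1 && r->proto != 2) return 0;
    if (r->int_port == 0) return 0;
    return r->ext_port >= PORT_MIN && r->ext_port <= PORT_MAX;
}

int main(void)
{
    /* Constructed sample: TCP, internal 8080, suggested external 22, 3600 s. */
    const uint8_t pkt[12] = { 0, 2, 0, 0, 0x1F, 0x90, 0x00, 0x16, 0, 0, 0x0E, 0x10 };
    struct map_req r;
    int rc = parse_map_request(pkt, sizeof pkt, &r);
    printf("parse=%d allowed=%d\n", rc, rc == PMP_OK && helper_allows(&r));
    return 0;
}
```

The sample request parses cleanly but is refused by the helper, because external port 22 lies outside the assumed range.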


Stallone is free software under the GNU LGPL (version 2.1 or later).

— Ted Percival (contact).