diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile
index c19342fac..33143b505 100644
--- a/net/miniupnpd/Makefile
+++ b/net/miniupnpd/Makefile
@@ -51,7 +51,6 @@ define Package/miniupnpd/install
 $(INSTALL_DATA) ./files/miniupnpd.iface.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
 $(INSTALL_DATA) ./files/miniupnpd.firewall.hotplug $(1)/etc/hotplug.d/firewall/50-miniupnpd
 $(INSTALL_DIR) $(1)/usr/share/miniupnpd
- $(INSTALL_DATA) ./files/upnpd.config.example $(1)/etc/config/upnpd.example
 endef
 
 $(eval $(call BuildPackage,miniupnpd))
diff --git a/net/miniupnpd/files/upnpd.config b/net/miniupnpd/files/upnpd.config
index e12f9a255..02b4b2abe 100644
--- a/net/miniupnpd/files/upnpd.config
+++ b/net/miniupnpd/files/upnpd.config
@@ -8,9 +8,17 @@ config upnpd config
 option external_iface wan
 option internal_iface lan
 option port 5000
+
+config perm_rule
+ option action allow
+ option ext_ports 1024-65535
+ option int_addr 0.0.0.0/0 # Does not override secure_mode
+ option int_ports 1024-65535
+ option comment "Allow high ports"
 
 config perm_rule
 option action deny
 option ext_ports 0-65535
 option int_addr 0.0.0.0/0
 option int_ports 0-65535
+ option comment "Default deny"
diff --git a/net/miniupnpd/files/upnpd.config.example b/net/miniupnpd/files/upnpd.config.example
deleted file mode 100644
index 5a632be53..000000000
--- a/net/miniupnpd/files/upnpd.config.example
+++ /dev/null
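Review bot: The first `perm_rule` added to net/miniupnpd/files/upnpd.config changes the shipped default from deny-all to allow for every internal address (`0.0.0.0/0`) on ports 1024-65535, so any LAN client can obtain a WAN port mapping out of the box, and many administrative and database services listen above 1023. The inline comment says the rule does not override `secure_mode`, but that option sits above the hunk (the `config upnpd config` section starts outside it), so whether it is enabled by default cannot be confirmed from these lines. The commit also deletes upnpd.config.example, which was the only place the rule semantics were explained. I would add a comment above the new rule such as `# perm_rules are checked in order, first match wins; keep the deny rule last`, assuming first-match evaluation as the old example's "Deny rule (recommended at end)" suggests. I would also consider narrowing `int_addr` to the LAN subnet rather than `0.0.0.0/0`.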
@@ -1,45 +0,0 @@
-config upnpd config
- option enable_natpmp 1
- option enable_upnp 1
- option secure_mode 1
- option log_output 0
- option download 1024
- option upload 512
- option external_iface wan
- option internal_iface lan
- option port 5000
-
-config perm_rule
- option action deny
- option ext_ports 0-65535
- option int_addr 0.0.0.0/0
- option int_ports 0-65535
-
-# Allow rule
-# Allow incoming on a port in the range 1024 to 65535 to be redirected to
-# any 192.168.1.0/24 subnet host (depending on secure_mod) on a port in the
-# range 1024 to 65535
-# config perm_rule
-# option action allow
-# option ext_ports 1024-65535
-# option int_addr 192.168.1.0/24
-# option int_ports 1024-65535
-
-# Single port
-# Allow incoming on 12233 to be redirected to 192.168.1.24 on a port in the
-# range 12233 to 12345 (inclusive)
-# config perm_rule
-# option action allow
-# option ext_ports 12233
-# option int_addr 192.168.1.24/24
-# option int_ports 12233-12345
-#
-
-# Deny rule (recommended at end)
-# Deny any redirection that matchs:
-# incoming on port 0-65535, redirected to any port numbered 0-65535 on any ip
-# config perm_rule
-# option action deny
-# option ext_ports 0-65535
-# option int_addr 0.0.0.0/0
-# option int_ports 0-65535