I would pay at least $100 for someone to put working UPnP support in the base image. It can be disabled by default, and even require 10 different check marks to enable if you want to be that crazy about it (I know that many consider it a huge security hole).
I want it because I have multiple machines at home, using things like BitTorrent that function best if they have dedicated ports. While I can forward ports, it then requires setting up DHCP reservations for each machine, and there are some apps that don't allow you to change their default port. I also have two XBoxes and an XBox360, all of which like to be able to poke holes so they can host games. There's no way to configure a port range on either game system. It can and does "work" behind a normal NAT box, but your system is never able to become a host for outsiders, which can make finding a game to play more difficult at times.
I only ask that UPnP be in base (as opposed to an add-on) because I'm using a Soekris with a CF card, and I don't have access to the packages system. It doesn't necessarily have to be tied into the main code tree, I just want it to be something that gets distributed as part of a "vanilla" system.
I'd be willing to go higher if you can do it quickly (by the end of Feb. would be great). I welcome anyone else that wants UPnP support to tack on more money to this bounty. It would make pfSense the only embedded-type platform short of junky consumer boxes (Linksys/etc) that handles UPnP.
For those who aren't familiar, UPnP itself is actually not all that complicated. It's a series of HTTP messages that are multicasted to the LAN, and then from there it looks like a SOAP exchange, with XML data going back and forth between devices. It does have periodic multicasting ("advertisement") built in to the spec, so a proper system would probably use a daemon, although I could also see it being implemented with straight PHP I suppose.
Here's all the technical info you should need to implement (some of this didn't look right in Firefox 1.5, not sure why):http://www.upnp.org/download/UPnPDA10_20000613.htm
You can find more information on what a router (aka "Internet Gateway Device") is required to implement here:http://www.upnp.org/standardizeddcps/igd.asp
I don't even really care about a fully compliant implementation - as long as my devices can talk to pfSense and get it to open ports as needed (and then dispose of them), I'll consider the bounty fulfilled. A fully compliant system would kick ass though.