From owner-freebsd-ports@FreeBSD.ORG Wed Dec 11 15:00:03 2013 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9D546E87; Wed, 11 Dec 2013 15:00:03 +0000 (UTC) Received: from mail-qa0-x22c.google.com (mail-qa0-x22c.google.com [IPv6:2607:f8b0:400d:c00::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 4DA8B12E8; Wed, 11 Dec 2013 15:00:03 +0000 (UTC) Received: by mail-qa0-f44.google.com with SMTP id i13so4853351qae.10 for ; Wed, 11 Dec 2013 07:00:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=N9D7C58nDKnGi1Th6xD6i4f0ouCOXU09IaGRi4OXKSg=; b=BpoGZxnkMkL91QcOsA609589vzphK7a4ByW7ASRaN+kSuBbnAs30gzIY+8vwSaxax4 HCSmw1y3/Rq1Y5vxhMs8ST5qzLY9lEqaQVyfHqRyQ4sgwmLMVJIWpTLjSw0Ad81F97F9 4t8B4/Ek40+ThE7vbOSM2wGx5BsbUbWSUWUiEwxmetKmSQRAO1n2RF+hDSVMz5HwfBqr 6vtHaFED7MpSuPCSqQCJlzKngeAGNUve1K/cuyY/+vnOCPBitarksBLz+qiyGHhLEFvf n8pyxR2wftbDde8CQhE/fPErEiYzu1VvjxIWAvQ8gmiqTVcfUAKc6Z8rIV7L5EX/0sWO yZJA== MIME-Version: 1.0 X-Received: by 10.224.113.209 with SMTP id b17mr3434093qaq.62.1386774002251; Wed, 11 Dec 2013 07:00:02 -0800 (PST) Received: by 10.224.36.137 with HTTP; Wed, 11 Dec 2013 07:00:02 -0800 (PST) Date: Wed, 11 Dec 2013 15:00:02 +0000 Message-ID: Subject: miniupnpd not inserting pf rules From: krad To: FreeBSD Questions , ports@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: quat@squat.no X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Dec 2013 15:00:03 -0000 I have being having some trouble/fun with miniupnpd, in that it didnt seem to be inserting the rules into pf ( pfctl -sr -a miniupnpd ). The rdr rules are inserted fine just not the firewall rules at the rules anchor. I think I have traced the problem down to the port build itself. I have tested and reproduced it on a clean system on both 9.2 and 10 64bit intel builds, but I would be good to have a sanity check make sure i have not missed something before I raise a pr/bug report to the maintainer. The problem lies with the extra_patch that isnt applied even if the dialogue option is checked. Manually specifying it in the environment doesn't work either .if ${PORT_OPTIONS:MWITH_PF_ENABLE_FILTER_RULES} EXTRA_PATCHES= ${PATCHDIR}/pf_enable_filter_rules.patch the patch basically modifys the ports 'work/miniupnpd-1.8/genconfig.sh' script and uncomments the PF_ENABLE_FILTER_RULES option. However the port doesnt do this no matter what I do. Manually applying the patch does though, so I can only assume its a badly crafted Makefile (i have a clean svnup'd ports tree). This seems to affect the binary package as well [root@carrera /usr/ports/net/miniupnpd]# make clean ; rm -rf work ; make >/dev/null ; echo $? ===> Cleaning for miniupnpd-1.8,1 ./genconfig.sh: WARNING: $ipfilter_enable is not set properly - see rc.conf(5). 0 [root@carrera /usr/ports/net/miniupnpd]# grep PF_ENABLE_FILTER_RULES work/miniupnpd-1.8/genconfig.sh echo "/*#define PF_ENABLE_FILTER_RULES*/">> ${CONFIGFILE} [root@carrera /usr/ports/net/miniupnpd]# cd work/miniupnpd-1.8/ [root@carrera /usr/ports/net/miniupnpd/work/miniupnpd-1.8]# patch < ../../files/pf_enable_filter_rules.patch Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |--- genconfig.sh.orig 2012-06-18 18:14:32.899227837 +0200 |+++ genconfig.sh 2012-06-18 18:14:45.089227683 +0200 -------------------------- Patching file genconfig.sh using Plan A... Hunk #1 succeeded at 321 (offset 19 lines). done [root@carrera /usr/ports/net/miniupnpd/work/miniupnpd-1.8]# grep PF_ENABLE_FILTER_RULES genconfig.sh echo "#define PF_ENABLE_FILTER_RULES">> ${CONFIGFILE} running a debug on make I see no mention pf extra patch files being applied as well