Date: Wed, 11 Dec 2013 15:00:02 +0000 From: krad <kraduk@gmail.com> To: FreeBSD Questions <freebsd-questions@freebsd.org>, ports@freebsd.org Cc: quat@squat.no Subject: miniupnpd not inserting pf rules Message-ID: <CALfReyeni-QtQ%2BpJW5CqWOSqcG7OdJhsM_gKDFx3r9UgAJTQtQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I have being having some trouble/fun with miniupnpd, in that it didnt seem
to be inserting the rules into pf ( pfctl -sr -a miniupnpd
). The rdr rules are inserted fine just not the firewall rules at the rules
anchor. I think I have traced the problem down to the port build itself. I
have tested and reproduced it on a clean system on both 9.2 and 10 64bit
intel builds, but I would be good to have a sanity check make sure i have
not missed something before I raise a pr/bug report to the maintainer.
The problem lies with the extra_patch that isnt applied even if the
dialogue option is checked. Manually specifying it in the environment
doesn't work either
.if ${PORT_OPTIONS:MWITH_PF_ENABLE_FILTER_RULES}
EXTRA_PATCHES= ${PATCHDIR}/pf_enable_filter_rules.patch
the patch basically modifys the ports 'work/miniupnpd-1.8/genconfig.sh'
script and uncomments the PF_ENABLE_FILTER_RULES option. However the port
doesnt do this no matter what I do. Manually applying the patch does
though, so I can only assume its a badly crafted Makefile (i have a clean
svnup'd ports tree). This seems to affect the binary package as well
[root@carrera /usr/ports/net/miniupnpd]# make clean ; rm -rf work ; make
>/dev/null ; echo $?
===> Cleaning for miniupnpd-1.8,1
./genconfig.sh: WARNING: $ipfilter_enable is not set properly - see
rc.conf(5).
0
[root@carrera /usr/ports/net/miniupnpd]# grep PF_ENABLE_FILTER_RULES
work/miniupnpd-1.8/genconfig.sh
echo "/*#define PF_ENABLE_FILTER_RULES*/">> ${CONFIGFILE}
[root@carrera /usr/ports/net/miniupnpd]# cd work/miniupnpd-1.8/
[root@carrera /usr/ports/net/miniupnpd/work/miniupnpd-1.8]# patch <
../../files/pf_enable_filter_rules.patch
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- genconfig.sh.orig 2012-06-18 18:14:32.899227837 +0200
|+++ genconfig.sh 2012-06-18 18:14:45.089227683 +0200
--------------------------
Patching file genconfig.sh using Plan A...
Hunk #1 succeeded at 321 (offset 19 lines).
done
[root@carrera /usr/ports/net/miniupnpd/work/miniupnpd-1.8]# grep
PF_ENABLE_FILTER_RULES genconfig.sh
echo "#define PF_ENABLE_FILTER_RULES">> ${CONFIGFILE}
running a debug on make I see no mention pf extra patch files being applied
as well
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALfReyeni-QtQ%2BpJW5CqWOSqcG7OdJhsM_gKDFx3r9UgAJTQtQ>