Date:      Thu, 16 Jun 2022 18:16:46 +0900
From:      Tatsuki Makino <tatsuki_makino@hotmail.com>
To:        "freebsd-ports@freebsd.org" <freebsd-ports@FreeBSD.org>
Subject:   Re: Differences between ports build and poudriere
Message-ID:  <PSAPR03MB5639393137AECFEA00A46FBAFAAC9@PSAPR03MB5639.apcprd03.prod.outlook.com>
In-Reply-To: <FF1BF106-CE4E-48C2-9B96-BE617853E23E@otoh.org>
References:  <7CB64EC1-FF13-4033-9691-0C191853EA47@otoh.org> <FF1BF106-CE4E-48C2-9B96-BE617853E23E@otoh.org>

Paul Armstrong wrote on 2022/06/16 17:11:
> 
> Still, I'm confused as to why the ports build servers choke on this and my personal poudriere server
> is fine. It's using the defaults for networking, other than photoprism, so it should block everything and I would expect it to error out in the same manner.
> 

My FreeBSD running poudriere has the following settings:

* /usr/sbin/ppp -nat
* sysctl net.inet.ip.forwarding=1 by gateway_enable="YES" in /etc/rc.conf

It is my belief that a combination of these factors allows packets to slip through.
Those packets are dropped by ipfw2 rules, so I don't know if that will be successful.
    add 200 deny ip from any to 127.0.0.0/8
    add 300 deny ip from 127.0.0.0/8 to any
Such packets are often observed on ports that use libxslt during builds.
Since xsltproc has a --nonet option, it would be better to use it.

This is just my extreme example, and there may be other simple causes.

Regards.
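
One way to act on the --nonet suggestion above, as an added example that is not part of the original message: a shell function that lists xsltproc command lines in build files that do not pass --nonet, joining backslash continuations first. The names audit_nonet and sample_makefile and the Makefile fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report xsltproc command lines lacking --nonet.
# audit_nonet FILE... prints "file:line: command"; returns 1 if anything was reported.
audit_nonet() {
    awk '
        function check(s, n) {
            if (s ~ /^[ \t]*#/) return                      # comment line
            if (s !~ /(^|[^A-Za-z0-9_])xsltproc([^A-Za-z0-9_]|$)/) return
            if (s ~ /(^|[ \t])--nonet([ \t]|$)/) return     # already refuses network fetches
            gsub(/[ \t]+/, " ", s)                          # normalise whitespace for the report
            sub(/^ /, "", s)
            printf "%s:%d: %s\n", FILENAME, n, s
            found = 1
        }
        FNR == 1 { buf = "" }                               # new file: drop stale state
        {
            if (buf == "") start = FNR                      # where this logical line begins
            line = $0
            if (line ~ /\\$/) {                             # backslash continuation
                sub(/\\$/, "", line)
                buf = buf line " "
                next
            }
            check(buf line, start)
            buf = ""
        }
        END { if (buf != "") check(buf, start); exit found + 0 }
    ' "$@"
}

# Constructed sample: a Makefile fragment with three xsltproc calls.
sample_makefile() {
    cat <<'EOF'
# xsltproc is used to render the manual
man.1: man.xml
	xsltproc -o man.1 manpages/docbook.xsl man.xml
index.html: index.xml
	xsltproc --nonet -o index.html html.xsl index.xml
guide.html: guide.xml
	xsltproc --stringparam base.dir out/ \
	    -o guide.html chunk.xsl guide.xml
EOF
}

tmp=$(mktemp)
sample_makefile > "$tmp"
audit_nonet "$tmp" || echo "add --nonet to the commands listed above"
rm -f "$tmp"
```

On the constructed fragment it reports the calls starting at lines 3 and 7 and skips the comment and the call that already passes --nonet.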



