Re: Differences between ports build and poudriere

From: Tatsuki Makino
Date: Thu, 16 Jun 2022 09:16:46 UTC

Paul Armstrong wrote on 2022/06/16 17:11:
> Still, I'm confused as to why the ports build servers choke on this and my personal poudriere server
> is fine. It's using the defaults for networking, other than photoprism, so it should block everything and I would expect it to error out in the same manner.

My FreeBSD running poudriere has the following settings:

* /usr/sbin/ppp -nat
* sysctl net.inet.ip.forwarding=1 by gateway_enable="YES" in /etc/rc.conf

It is my belief that a combination of these factors allows packets to slip through.
Those packets are dropped by ipfw2 rules, so I don't know if that will be successful.
add 200 deny ip from any to
add 300 deny ip from to any
Such packets are often observed on ports that use libxslt during builds.
Since xsltproc has a --nonet option, it would be better to use it.

This is just my extreme example, and there may be other simple causes.