miniupnpd not inserting pf rules

krad kraduk at gmail.com
Wed Dec 11 15:00:03 UTC 2013


I have been having some trouble/fun with miniupnpd, in that it didn't seem
to be inserting the rules into pf (pfctl -sr -a miniupnpd).
The rdr rules are inserted fine, just not the firewall rules at the rules
anchor. I think I have traced the problem down to the port build itself. I
have tested and reproduced it on a clean system on both 9.2 and 10 64-bit
Intel builds, but it would be good to have a sanity check to make sure I have
not missed something before I raise a PR/bug report to the maintainer.


The problem lies with the extra_patch that isn't applied even if the
dialogue option is checked. Manually specifying it in the environment
doesn't work either.

.if ${PORT_OPTIONS:MWITH_PF_ENABLE_FILTER_RULES}
EXTRA_PATCHES=  ${PATCHDIR}/pf_enable_filter_rules.patch


The patch basically modifies the port's 'work/miniupnpd-1.8/genconfig.sh'
script and uncomments the PF_ENABLE_FILTER_RULES option. However, the port
doesn't do this no matter what I do. Manually applying the patch does
though, so I can only assume it's a badly crafted Makefile (I have a clean
svnup'd ports tree). This seems to affect the binary package as well.


[root@carrera /usr/ports/net/miniupnpd]# make clean ; rm -rf work ; make >/dev/null ; echo $?
===>  Cleaning for miniupnpd-1.8,1
./genconfig.sh: WARNING: $ipfilter_enable is not set properly - see rc.conf(5).
0
[root@carrera /usr/ports/net/miniupnpd]# grep PF_ENABLE_FILTER_RULES work/miniupnpd-1.8/genconfig.sh
echo "/*#define PF_ENABLE_FILTER_RULES*/">> ${CONFIGFILE}
[root@carrera /usr/ports/net/miniupnpd]# cd  work/miniupnpd-1.8/

[root@carrera /usr/ports/net/miniupnpd/work/miniupnpd-1.8]# patch < ../../files/pf_enable_filter_rules.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- genconfig.sh.orig  2012-06-18 18:14:32.899227837 +0200
|+++ genconfig.sh       2012-06-18 18:14:45.089227683 +0200
--------------------------
Patching file genconfig.sh using Plan A...
Hunk #1 succeeded at 321 (offset 19 lines).
done
[root@carrera /usr/ports/net/miniupnpd/work/miniupnpd-1.8]# grep PF_ENABLE_FILTER_RULES genconfig.sh
echo "#define PF_ENABLE_FILTER_RULES">> ${CONFIGFILE}


Running a debug on make, I see no mention of pf extra patch files being applied
either.

