Re: Differences between ports build and poudriere

From: Tatsuki Makino <tatsuki_makino_at_hotmail.com>
Date: Thu, 16 Jun 2022 09:16:46 UTC

Paul Armstrong wrote on 2022/06/16 17:11:
> 
> Still, I'm confused as to why the ports build servers choke on this and my personal poudriere server
> is fine. It's using the defaults for networking, other than photoprism, so it should block everything and I would expect it to error out in the same manner.
> 

My FreeBSD running poudriere has the following settings:

* /usr/sbin/ppp -nat
* sysctl net.inet.ip.forwarding=1 by gateway_enable="YES" in /etc/rc.conf

It is my belief that a combination of these factors allows packets to slip through.
Those packets are dropped by ipfw2 rules, so I don't know if that will be successful.
    add 200 deny ip from any to 127.0.0.0/8
    add 300 deny ip from 127.0.0.0/8 to any
Such packets are often observed on ports that use libxslt during builds.
Since xsltproc has a --nonet option, it would be better to use it.

This is just my extreme example, and there may be other simple causes.

Regards.
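
As an added example (not part of the original message and not code from the ports tree): a small shell check that lists xsltproc invocations lacking the --nonet option mentioned above, joining backslash-continued lines first because the flag may sit on a continuation line. The function names and the sample Makefile-style input are constructed for illustration; invocations made through a make variable are not detected.

```shell
#!/bin/sh
# Added example: flag xsltproc invocations without --nonet in
# Makefile-style text read from stdin. Names here are hypothetical.

# Constructed sample input, not taken from a real port.
sample_makefile() {
cat <<'EOF'
# constructed sample, not from a real port
doc.html: doc.xml
    xsltproc --nonet -o doc.html style.xsl doc.xml
man.1: man.xml
    xsltproc -o man.1 \
        http://example.org/docbook.xsl man.xml
guide.html: guide.xml
    xsltproc \
        --nonet -o guide.html style.xsl guide.xml
EOF
}

# Prints "LINE: command" for every logical line that runs xsltproc
# without --nonet. LINE is the number of the first physical line.
xsltproc_missing_nonet() {
    awk '
        {
            if (buf == "") start = NR
            line = $0
            cont = sub(/\\$/, "", line)   # strip a trailing backslash
            buf = buf line
            if (cont) { buf = buf " "; next }
            check(buf, start); buf = ""
        }
        END { if (buf != "") check(buf, start) }
        function check(cmd, n) {
            sub(/^[ \t]+/, "", cmd)       # drop leading indentation
            gsub(/[ \t]+/, " ", cmd)      # collapse whitespace runs
            if (cmd ~ /^#/) return        # skip comment lines
            if (cmd ~ /(^|[^A-Za-z0-9_-])xsltproc( |$)/ && cmd !~ / --nonet( |$)/)
                printf "%d: %s\n", n, cmd
        }
    '
}

# Stand-alone run over the constructed sample.
sample_makefile | xsltproc_missing_nonet
```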