Paul Armstrong wrote on 2022/06/16 17:11:
>
> Still, I'm confused as to why the ports build servers choke on this and my
> personal poudriere server is fine. It's using the defaults for networking,
> other than photoprism, so it should block everything and I would expect it
> to error out in the same manner.
>
My FreeBSD running poudriere has the following settings:

* /usr/sbin/ppp -nat
* sysctl net.inet.ip.forwarding=1 by gateway_enable="YES" in /etc/rc.conf

It is my belief that a combination of these factors allows packets to slip through.
Those packets are dropped by ipfw2 rules, so I don't know if that will be successful.

  add 200 deny ip from any to 127.0.0.0/8
  add 300 deny ip from 127.0.0.0/8 to any

Such packets are often observed on ports that use libxslt during builds.
Since xsltproc has a --nonet option, it would be better to use it.

This is just my extreme example, and there may be other simple causes.

Regards.
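
An added example, not part of the original message or of the ports tree: a small sh/awk check that lists xsltproc invocations lacking the --nonet option mentioned above. The function name and the sample Makefile are constructed for illustration, and only literal `xsltproc` commands are matched (not variables such as a hypothetical `${XSLTPROC}`).

```shell
#!/bin/sh
# Report xsltproc invocations that do not pass --nonet.
# Backslash-continued lines are joined first, so a flag that appears
# on a continuation line is still seen.
find_xsltproc_without_nonet() {
    awk '
        FNR == 1 { buf = ""; start = 0 }        # reset state at each new file
        {
            if (buf == "") start = FNR           # first physical line of the command
            line = $0
            cont = sub(/\\$/, "", line)          # strip trailing backslash, remember it
            buf = buf line
            if (cont) { buf = buf " "; next }    # command continues on the next line
            if (buf !~ /^[ \t]*#/ &&
                buf ~ /(^|[^A-Za-z0-9_-])xsltproc([ \t]|$)/ &&
                buf !~ /--nonet/)
                printf "%s:%d: xsltproc without --nonet\n", FILENAME, start
            buf = ""
        }
    ' "$@"
}

# Constructed sample input (not taken from any real port).
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
man.1: man.xml
	xsltproc --nonet -o man.1 style.xsl man.xml
doc.html: doc.xml
	xsltproc -o doc.html \
	    style.xsl doc.xml
api.html: api.xml
	xsltproc -o api.html \
	    --nonet style.xsl api.xml
EOF
    # Replace the temporary path with a stable name for readable output.
    find_xsltproc_without_nonet "$tmp" | sed "s|^$tmp|Makefile|"
    rm -f "$tmp"
}

demo
```

Only the `doc.html` rule is reported; the `api.html` rule passes because its `--nonet` sits on the continuation line.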