Matthieu Herrb <[email protected]> wrote:

> On Mon, Jul 14, 2025 at 03:29:27PM +0200, Theo Buehler wrote:
> > matthieu mentioned that this might be useful, so I whipped up a port.
> > Fortunately volker and I already prepared patches for an xonly issue
> > in aws-l2c so it should be fine in that regard.
> > 
> > This port builds and passes tests on amd64. I can test this way on
> > aarch64, but I can't really test this from where I am right now.
> > 
> > This probably needs a dedicated user and rc setup. I hope someone can
> > save me some time by telling me what to do here (or where to copy from).
> >
> 
> Thanks.
> 
> The binary works with a simple rc.d file to run it as root. 
> 
> Unfortunately after this initial successful testing, I figured out there
> are some features that are either missing or adverse to making a good
> ports candidate:
> 
> - it cannot run with reduced privileges unless it only listens to
>   ports > 1024, needing pf level redirects to get 443 or 80.
> - for the same reason it cannot read a private key unless a shared
>   group is set up to own the key
> - since it watches its config file for changes to reload itself
>   automatically, implementing some form of privilege dropping will
>   probably break this feature.
> - also it cannot listen on both IPv4 and IPv6 sockets; it relies on
>   Linux default behaviour of v6 sockets accepting v4 connections too.

everything is a nail
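The daemon startup pattern the quoted list is missing, as an added example that is not part of this thread or of the ported software: open one listening socket per address family (with IPV6_V6ONLY set, since OpenBSD never lets a v6 socket accept v4 connections and the option makes Linux behave the same way), read the private key, and only then drop to an unprivileged user. The user name `_daemon`, the key path and the port in `startup()` are placeholders for illustration; the listener helpers can be exercised on an ephemeral loopback port without root.

```python
import os
import pwd
import socket


def open_listeners(host, port):
    """Open one listening socket per address family that resolves for host.

    On OpenBSD an AF_INET6 socket never accepts IPv4 connections, so a daemon
    has to bind a separate AF_INET socket. Forcing IPV6_V6ONLY on the v6 socket
    gives the same two-socket behaviour on Linux instead of relying on its
    dual-stack default. Must run before privileges are dropped when port < 1024.
    """
    listeners = []
    for family, socktype, proto, _canon, sockaddr in socket.getaddrinfo(
            host, port, socket.AF_UNSPEC, socket.SOCK_STREAM, 0, socket.AI_PASSIVE):
        try:
            s = socket.socket(family, socktype, proto)
        except OSError:
            continue  # family not available on this host (e.g. IPv6 disabled)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        if family == socket.AF_INET6:
            s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
        try:
            s.bind(sockaddr)
            s.listen(128)
        except OSError:
            s.close()  # address in use or family unusable: skip it, keep the rest
            continue
        listeners.append(s)
    return listeners


def listener_families(listeners):
    """Address families actually bound, as sorted enum names (e.g. ['AF_INET'])."""
    return sorted({s.family.name for s in listeners})


def bound_ports(listeners):
    """Port each listener ended up on (non-zero even when bound to port 0)."""
    return [s.getsockname()[1] for s in listeners]


def close_all(listeners):
    for s in listeners:
        s.close()
    return len(listeners)


def drop_privileges(user):
    """Irreversibly switch to `user`; must be the last privileged step."""
    pw = pwd.getpwnam(user)
    os.setgroups([])          # shed supplementary groups first, while still root
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)      # as root this sets real, effective and saved uid
    try:
        os.setuid(0)          # must now fail: if it succeeds the drop was not permanent
    except PermissionError:
        return pw.pw_uid
    raise RuntimeError("privilege drop was not permanent")


def startup(host="::", port=443, user="_daemon", key_path="/etc/ssl/private/server.key"):
    """Placeholder names above are assumptions for the example, not real config."""
    listeners = open_listeners(host, port)        # low port: needs root
    with open(key_path, "rb") as f:               # 0600 key owned by root: needs root
        key = f.read()
    drop_privileges(user)
    # From here on neither the sockets nor the key can be reopened, so a
    # config-file reload must reuse these objects instead of rebinding or
    # rereading; a reload that reopens them is exactly what breaks after dropping.
    return listeners, key
```

If the software cannot be changed to follow this order, the alternative the thread mentions is to keep it on a high port as the unprivileged user and redirect in pf, for example `pass in on egress inet proto tcp to port 443 rdr-to 127.0.0.1 port 8443`, with the key made readable through a dedicated group rather than by running as root.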
