I found https://github.com/miniupnp/miniupnp/issues/529 and added some comments.

The code is fairly awkward because it handles pre- and post-2010 PF (they need the old stuff for FreeBSD but having everything in the same file with #ifdef doesn't make it easy to reason with), *and* has a build-time option for whether to create filter rules or only translation rules, so it's all a bit hard to follow.

On 2022/05/13 13:13, Christian Kundela wrote:
> Hi!
>
> I did
>
> pfctl -sr -a miniupnpd
>
> you can see it also in pftop
>
> for example if you test with the Windows 10 XBox App (Networktest) don't
> close the app,
>
> because it will delete the rules in the anchor.
>
> You are right, hiding internal addresses is not productive
>
> Best regards
>
> Chris
>
> On 13.05.2022 at 11:42, Stuart Henderson wrote:
> > On 2022/05/13 08:04, Peter N. M. Hansteen wrote:
> > > On Thu, May 12, 2022 at 09:58:26PM +0200, Christian Kundela wrote:
> > > > in the anchor it produces two rules:
> > > >
> > > > pass in quick on XXX inet proto udp from any to any port = XXXX label "XXXX" rdr-to X.X.X.X port XXXX
> > > > nat quick on XXX inet proto udp from X.X.X.X port = XXXX to any label "XXXX" nat-to X.X.X.X port XXXX
> > > The "nat [quick] on" syntax stopped being valid on OpenBSD with the NAT
> > > rewrite in OpenBSD 4.7, some 12 years ago. If you replace the "nat quick"
> > > with "pass quick" at least the syntax will be valid.
> > Something is mangled here, "nat quick on ..." never existed.
> >
> > How are you seeing these anchor rules Christian? Is that a direct
> > paste from something before redacting addresses/etc? If it's
> > retyped please check accuracy.
> >
> > Redacting the interface names and ports isn't really helpful to hiding
> > anything and makes it hard to understand what is going on. Redacting
> > addresses is ok but please do something to distinguish addresses and
> > show which is internal/external.