View Issue Details

IDProjectCategoryView StatusLast Update
0004581GNUnetexit daemonpublic2022-06-04 23:13
ReporterlynX Assigned To 
Status assignedResolutionopen 
OSFreeBSDOS Version9.3-RELEASE-p1 
Product VersionGit master 
Target Version0.18.0 
Summary0004581: iptables not available on FreeBSD
Description mentions exit/VPN possibly working on BSD, but unfortunately /usr/include/net/if_tun.h provides a lot less features than linux/if_tun.h. I added some ifdefs to correct the include and avoid some ioctls that do not exist on BSD, but the fact that gnunet-helper-exit tries to call "iptables" makes this feature currently not very portable to BSD.

I suppose it is pointless to commit my patches that allow gnunet-helper-exit to compile if it can't possibly work.
Additional InformationFatal: executable iptables not found in approved directories: No such file or directory
Fatal: executable iptables not found in approved directories: No such file or directory
Fatal: executable iptables not found in approved directories: No such file or directory
TagsNo tags attached.


Christian Grothoff

2016-08-03 11:50

manager   ~0011000

Is it so hard to figure out how to translate the iptables invocations to corresponding FreeBSD incantations?


2019-03-21 14:24

developer   ~0014230

It seems to me as if this bug would be solved once the rewrite of -dns-helper I was told about
is done?

Christian Grothoff

2019-04-05 23:13

manager   ~0014259

Yes, but this would require a _major_ rewrite of gnunet-service-dns to basically turn it into a DNS server instead of a DNS query interceptor.


2019-09-10 10:38

developer   ~0014879

Last edited: 2019-09-10 10:40

meanwhile could I add pf and/or npf support? I can at least come up with this faster than rewriting gnunet-service-dns into a dns server.

Part of the original issue has been worked around iirc (not compiling on FreeBSD) but someone would have to test it (me, as soon as replacement parts for my server arrive).

The issue of this not working on *BSD remains.

Christian Grothoff

2019-09-10 13:34

manager   ~0014880

Sure, pf/npf support would be great. (Note: no relationship to Taler here, though).


2019-09-11 14:04

developer   ~0014883

This file will also fail with system which do not provide the binary "ip", which also includes the majority of the BSD Operating Systems.


2019-09-13 01:23

developer   ~0014895

As a sidenote for myself and reference - there seems to be a (slow) move to replace iptables with BPF:

Issue History

Date Modified Username Field Change
2016-06-17 20:13 lynX New Issue
2016-08-03 11:50 Christian Grothoff Note Added: 0011000
2017-02-26 01:41 Christian Grothoff Severity block => feature
2019-03-21 14:24 nikita Note Added: 0014230
2019-03-21 14:24 nikita Assigned To => Christian Grothoff
2019-03-21 14:24 nikita Status new => feedback
2019-04-05 23:13 Christian Grothoff Note Added: 0014259
2019-09-04 07:04 Christian Grothoff Assigned To Christian Grothoff =>
2019-09-04 07:04 Christian Grothoff Status feedback => acknowledged
2019-09-10 10:38 nikita Note Added: 0014879
2019-09-10 10:39 nikita Note Edited: 0014879
2019-09-10 10:40 nikita Note Edited: 0014879
2019-09-10 13:34 Christian Grothoff Note Added: 0014880
2019-09-11 14:04 nikita Note Added: 0014883
2019-09-11 14:04 nikita Assigned To => nikita
2019-09-11 14:04 nikita Status acknowledged => assigned
2019-09-13 01:23 nikita Note Added: 0014895
2020-10-29 10:15 schanzen Target Version => 0.15.0
2021-06-10 19:36 schanzen Target Version 0.15.0 => 0.16.0
2021-12-31 09:29 schanzen Target Version 0.16.0 => 0.17.0
2021-12-31 09:32 schanzen Target Version 0.17.0 => 1.0.0
2021-12-31 09:36 schanzen Target Version 1.0.0 => 0.17.0
2021-12-31 09:37 schanzen Assigned To nikita =>
2022-06-04 23:13 schanzen Target Version 0.17.0 => 0.18.0