Created attachment 198311 [details] Full build log (after config step) SUMMARY At a glance, miniupnpd appears to have support for all three of FreeBSD's firewall types: pf, ipfilter, and ipfw. But ipfw support does not compile, and the fix to make it compile does not look very simple; ipfw may have undergone an API re-write in the time since ipfw support was included in miniupnpd. VERSIONS FreeBSD: 11.2-RELEASE r335510 Ports: Not sure, probably vanilla version from 11.2-RELEASE net/miniupnpd: 1.9.20160113 STEPS TO REPRODUCE The code in question will not be configured at compile time unless the host system has enabled ipfw in /etc/rc.conf. (This is done in genconfig.sh in the miniupnpd distribution): 1. Add firewall_enable="YES" to /etc/rc.conf before attempting to build the port. 2. Change directories to the miniupnpd port: cd /usr/ports/net/miniupnpd/ 3. Configure the port: make config, accept the default, which is only "IPv6 protocol support" 4. Make 5. The build process should fail when compiling ipfw/ipfwrdr.c: cc -O2 -pipe -I/usr/include -fstack-protector -fno-strict-aliasing -Wall -W Wstrict-prototypes -fno-common -c -o ipfw/ipfwrdr.o ipfw/ipfwrdr.c ipfw/ipfwrdr.c:176:7: error: no member named 'version' in 'struct ip_fw' rule.version = IP_FW_CURRENT_API_VERSION; ~~~~ ^ FURTHER DETAILS The code appears to include <netinet/ip_fw.h> for its main kernel interface. The members of the structures currently defined in this file, however, bear little resemblance to the members being used by the code. For instance, the very first compilation error above implies that there is a "version" member in the "ip_fw" structure. There is no such member in the current code. Likewise, the symbol "IP_FW_CURRENT_API_VERSION" doesn't exist at all in any header file under /usr/include.