From a255df2488f35298826651cdf47b5144bf4b8709 Mon Sep 17 00:00:00 2001
From: Thomas Bernard
Date: Wed, 18 May 2022 08:16:54 +0200
Subject: [PATCH 1/2] Dont create nat rule for Port Triggering, but a pass rule should fix #529
---
 miniupnpd/pf/obsdrdr.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/miniupnpd/pf/obsdrdr.c b/miniupnpd/pf/obsdrdr.c
index b3fe0ab..530d432 100644
--- a/miniupnpd/pf/obsdrdr.c
+++ b/miniupnpd/pf/obsdrdr.c
@@ -350,7 +350,12 @@ int add_nat_rule(const char * ifname,
 pcr.rule.src.addr.type = PF_ADDR_ADDRMASK;
 pcr.rule.dst.addr.type = PF_ADDR_ADDRMASK;
+#ifndef PF_NEWSTYLE
 pcr.rule.action = PF_NAT;
+#else
+ pcr.rule.action = PF_PASS; /* or PF_MATCH as we dont expect outbound packets to be blocked */
+ pcr.rule.direction = PF_OUT;
+#endif
 pcr.rule.af = AF_INET;
 #ifdef USE_IFNAME_IN_RULES
 if(ifname)
@@ -465,7 +470,12 @@ delete_nat_rule(const char * ifname, unsigned short iport, int proto, in_addr_t
 }
 memset(&pr, 0, sizeof(pr));
 strlcpy(pr.anchor, anchor_name, MAXPATHLEN);
+#ifndef PF_NEWSTYLE
 pr.rule.action = PF_NAT;
+#else
+ pr.rule.action = PF_PASS; /* or PF_MATCH as we dont expect outbound packets to be blocked */
+ pr.rule.direction = PF_OUT;
+#endif
 if(ioctl(dev, DIOCGETRULES, &pr) < 0)
 {
 syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
From 2ede47be462ff29249b96c7ab1f961186319a0fb Mon Sep 17 00:00:00 2001
From: Thomas Bernard
Date: Wed, 18 May 2022 08:34:16 +0200
Subject: [PATCH 2/2] pf/obsdrdr.c: better document PFRULE_INOUT_COUNTS and PF_NEWSTYLE
---
 miniupnpd/pf/obsdrdr.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/miniupnpd/pf/obsdrdr.c b/miniupnpd/pf/obsdrdr.c
index 530d432..86c67f2 100644
--- a/miniupnpd/pf/obsdrdr.c
+++ b/miniupnpd/pf/obsdrdr.c
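Review bot: In the PF_NEWSTYLE branch of add_nat_rule (patch 1/2), `PF_PASS` turns a rule requested by a LAN client into a filter decision, so on a gateway whose administrator does block outbound traffic it could override that policy, depending on where the miniupnpd anchor is evaluated. The inline comment already names the alternative: `pcr.rule.action = PF_MATCH; /* leave the pass/block decision to the administrator's ruleset */`, with the same value used for the lookup in delete_nat_rule. If PF_PASS is intended, the assumption that outbound traffic is never blocked belongs in the option list of the file-header comment, not only in a trailing comment. The rest of add_nat_rule is outside the hunk, so whether the rule is further narrowed by source address or port cannot be seen here.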
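Review bot: In delete_nat_rule (second hunk of patch 1/2) the lookup now reads the anchor's pass ruleset, which under PF_NEWSTYLE presumably also holds the rules created for inbound port mappings, so the matching code has to tell an outbound port-triggering rule apart from those. Setting `pr.rule.direction = PF_OUT` before `DIOCGETRULES` most likely does not filter what the ioctl returns. The comparison that follows the ioctl is outside this hunk and should test the fetched rule explicitly, for example with `pr.rule.direction == PF_OUT` alongside the port and protocol checks. Without that, a delete request with a matching port and protocol could remove a rule that add_nat_rule did not create.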
@@ -33,11 +33,12 @@
 * - USE_IFNAME_IN_RULES
 * If set the interface name is set in the rule.
 * - PFRULE_INOUT_COUNTS
- * Must be set with OpenBSD version 3.8 and up.
+ * Must be set with OpenBSD version 3.8 and up, FreeBSD 7.0+, DragonFly 2.8+
+ * and OS X with pf.
 * - PFRULE_HAS_RTABLEID
 * Must be set with OpenBSD version 4.0 and up.
- * - PF_NEWSSTYLE
- * Must be set with OpenBSD version 4.7 and up.
+ * - PF_NEWSTYLE
+ * Must be set with OpenBSD version 4.7 and up. FreeBSD/pfSense is old style.
 */
 #include