diff --git a/miniupnpd/pf/obsdrdr.c b/miniupnpd/pf/obsdrdr.c
index 5d323e1..7614f06 100644
--- a/miniupnpd/pf/obsdrdr.c
+++ b/miniupnpd/pf/obsdrdr.c
@@ -470,10 +470,15 @@ int add_nat_rule(const char * ifname,
 	return r;
 }
 
+/*
+ * returns:  0 : OK
+ *          -1 : ERROR
+ *          -2 : Rule not found
+ */
 static int
 delete_nat_rule(const char * ifname, unsigned short iport, int proto, in_addr_t iaddr)
 {
-	int i, n;
+	int i, n, r;
 	unsigned int tnum;
 	struct pfioc_rule pr;
 	UNUSED(ifname);
@@ -492,20 +497,21 @@ delete_nat_rule(const char * ifname, unsigned short iport, int proto, in_addr_t
 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
 	{
 		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-		goto error;
+		return -1;
 	}
 	n = pr.nr;
 #ifdef PF_RELEASETICKETS
 	tnum = pr.ticket;
 #endif /* PF_RELEASETICKETS */
+	r = -2;	/* not found */
 	for(i=0; i<n; i++)
 	{
 		pr.nr = i;
 		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
 		{
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
-			release_ticket(dev, tnum);
-			goto error;
+			r = -1;
+			break;
 		}
 #ifdef TEST
 		syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x    %8x",
@@ -520,25 +526,27 @@ delete_nat_rule(const char * ifname, unsigned short iport, int proto, in_addr_t
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
 			{
 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
-				release_ticket(dev, tnum);
-				goto error;
+				r = -1;
+				break;
 			}
 			pr.action = PF_CHANGE_REMOVE;
 			pr.nr = i;
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
 			{
 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_REMOVE: %m");
-				release_ticket(dev, tnum);
-				goto error;
+				r = -1;
 			}
-			release_ticket(dev, tnum);
-			return 0;
+			else
+			{
+				r = 0;
+			}
+			break;
 		}
 	}
+	if (r == -2)
+		syslog(LOG_NOTICE, "could not find nat rule to delete iport=%hu addr=%8x", iport, ntohl(iaddr));
 	release_ticket(dev, tnum);
-	syslog(LOG_NOTICE, "could not find nat rule to delete iport=%hu addr=%8x", iport, ntohl(iaddr));
-error:
-	return -1;
+	return r;
 }
 #endif
 
@@ -853,7 +861,8 @@ get_redirect_rule_count(const char * ifname)
 
 /* get_redirect_rule()
  * return value : 0 success (found)
- * -1 = error or rule not found */
+ * -1 = error
+ * -2 = rule not found */
 int
 get_redirect_rule(const char * ifname, unsigned short eport, int proto,
                   char * iaddr, int iaddrlen, unsigned short * iport,
@@ -862,7 +871,7 @@ get_redirect_rule(const char * ifname, unsigned short eport, int proto,
                   unsigned int * timestamp,
                   u_int64_t * packets, u_int64_t * bytes)
 {
-	int i, n;
+	int i, n, r;
 	unsigned int tnum;
 	struct pfioc_rule pr;
 #ifndef PF_NEWSTYLE
@@ -882,20 +891,21 @@ get_redirect_rule(const char * ifname, unsigned short eport, int proto,
 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
 	{
 		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-		goto error;
+		return -1;
 	}
 	n = pr.nr;
 #ifdef PF_RELEASETICKETS
 	tnum = pr.ticket;
 #endif /* PF_RELEASETICKETS */
+	r = -2;
 	for(i=0; i<n; i++)
 	{
 		pr.nr = i;
 		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
 		{
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
-			release_ticket(dev, tnum);
-			goto error;
+			r = -1;
+			break;
 		}
 #ifdef __APPLE__
 		if( (eport == ntohs(pr.rule.dst.xport.range.port[0]))
@@ -933,18 +943,21 @@ get_redirect_rule(const char * ifname, unsigned short eport, int proto,
 			if(ioctl(dev, DIOCGETADDRS, &pp) < 0)
 			{
 				syslog(LOG_ERR, "ioctl(dev, DIOCGETADDRS, ...): %m");
-				goto error;
+				r = -1;
+				break;
 			}
 			if(pp.nr != 1)
 			{
 				syslog(LOG_NOTICE, "No address associated with pf rule");
-				goto error;
+				r = -1;
+				break;
 			}
 			pp.nr = 0;	/* first */
 			if(ioctl(dev, DIOCGETADDR, &pp) < 0)
 			{
 				syslog(LOG_ERR, "ioctl(dev, DIOCGETADDR, ...): %m");
-				goto error;
+				r = -1;
+				break;
 			}
 #ifdef PFVAR_NEW_STYLE
 			inet_ntop(AF_INET, &pp.addr.addr.v.a.addr.v4addr.s_addr,
@@ -980,13 +993,11 @@ get_redirect_rule(const char * ifname, unsigned short eport, int proto,
 			}
 			if(timestamp)
 				*timestamp = get_timestamp(eport, proto);
-			release_ticket(dev, tnum);
-			return 0;
+			r = 0;
 		}
 	}
 	release_ticket(dev, tnum);
-error:
-	return -1;
+	return r;
 }
 
 #define priv_delete_redirect_rule(ifname, eport, proto, iport, \
@@ -994,7 +1005,8 @@ error:
         priv_delete_redirect_rule_check_desc(ifname, eport, proto, iport, \
                                              iaddr, rhost, rhostlen, 0, NULL)
 /* if check_desc is true, only delete the rule if the description differs.
- * returns : -1 : error / rule not found
+ * returns : -2 : rule not found
+ *           -1 : error
  *            0 : rule deleted
  *            1 : rule untouched
  */
@@ -1004,7 +1016,7 @@ priv_delete_redirect_rule_check_desc(const char * ifname, unsigned short eport,
                           in_addr_t * iaddr, char * rhost, int rhostlen,
                           int check_desc, const char * desc)
 {
-	int i, n;
+	int i, n, r;
 	unsigned int tnum;
 	struct pfioc_rule pr;
 	UNUSED(ifname);
@@ -1021,20 +1033,21 @@ priv_delete_redirect_rule_check_desc(const char * ifname, unsigned short eport,
 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
 	{
 		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-		goto error;
+		return -1;
 	}
 	n = pr.nr;
 #ifdef PF_RELEASETICKETS
 	tnum = pr.ticket;
 #endif /* PF_RELEASETICKETS */
+	r = -2;
 	for(i=0; i<n; i++)
 	{
 		pr.nr = i;
 		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
 		{
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
-			release_ticket(dev, tnum);
-			goto error;
+			r = -1;
+			break;
 		}
 #ifdef __APPLE__
 		if( (eport == ntohs(pr.rule.dst.xport.range.port[0]))
@@ -1060,18 +1073,21 @@ priv_delete_redirect_rule_check_desc(const char * ifname, unsigned short eport,
 				if(ioctl(dev, DIOCGETADDRS, &pp) < 0)
 				{
 					syslog(LOG_ERR, "ioctl(dev, DIOCGETADDRS, ...): %m");
-					goto error;
+					r = -1;
+					break;
 				}
 				if(pp.nr != 1)
 				{
 					syslog(LOG_NOTICE, "No address associated with pf rule");
-					goto error;
+					r = -1;
+					break;
 				}
 				pp.nr = 0;	/* first */
 				if(ioctl(dev, DIOCGETADDR, &pp) < 0)
 				{
 					syslog(LOG_ERR, "ioctl(dev, DIOCGETADDR, ...): %m");
-					goto error;
+					r = -1;
+					break;
 				}
 #ifdef PFVAR_NEW_STYLE
 				*iaddr = pp.addr.addr.v.a.addr.v4addr.s_addr;
@@ -1107,34 +1123,33 @@ priv_delete_redirect_rule_check_desc(const char * ifname, unsigned short eport,
 			if(check_desc) {
 				if((desc == NULL && pr.rule.label[0] == '\0') ||
 				   (desc && 0 == strcmp(desc, pr.rule.label))) {
-					release_ticket(dev, tnum);
-					return 1;
+					r = 1;
+					break;
 				}
 			}
 			pr.action = PF_CHANGE_GET_TICKET;
         	if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
 			{
             	syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
-				release_ticket(dev, tnum);
-				goto error;
+				r = -1;
+				break;
 			}
 			pr.action = PF_CHANGE_REMOVE;
 			pr.nr = i;
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
 			{
 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_REMOVE: %m");
-				release_ticket(dev, tnum);
-				goto error;
+				r = -1;
+				break;
 			}
 			remove_timestamp_entry(eport, proto);
-			release_ticket(dev, tnum);
-			return 0;
+			r = 0;
 		}
 	}
+	if (r == -2)
+		syslog(LOG_NOTICE, "could not find redirect rule to delete eport=%hu", eport);
 	release_ticket(dev, tnum);
-	syslog(LOG_NOTICE, "could not find redirect rule to delete eport=%hu", eport);
-error:
-	return -1;
+	return r;
 }
 
 int
@@ -1144,6 +1159,9 @@ delete_redirect_rule(const char * ifname, unsigned short eport,
 	return priv_delete_redirect_rule(ifname, eport, proto, NULL, NULL, NULL, 0);
 }
 
+/* returns:  0 : OK
+ *          -1 : Error
+ *          -2 : rule not found */
 static int
 priv_delete_filter_rule(const char * ifname, unsigned short iport,
                         int proto, in_addr_t iaddr)
@@ -1152,7 +1170,7 @@ priv_delete_filter_rule(const char * ifname, unsigned short iport,
 	UNUSED(ifname); UNUSED(iport); UNUSED(proto); UNUSED(iaddr);
 	return 0;
 #else
-	int i, n;
+	int i, n, r;
 	unsigned int tnum;
 	struct pfioc_rule pr;
 	UNUSED(ifname);
@@ -1172,14 +1190,15 @@ priv_delete_filter_rule(const char * ifname, unsigned short iport,
 #ifdef PF_RELEASETICKETS
 	tnum = pr.ticket;
 #endif /* PF_RELEASETICKETS */
+	r = -2;
 	for(i=0; i<n; i++)
 	{
 		pr.nr = i;
 		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
 		{
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
-			release_ticket(dev, tnum);
-			goto error;
+			r = -1;
+			break;
 		}
 #ifdef TEST
 syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x",
@@ -1196,34 +1215,42 @@ syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x",
         	if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
 			{
             	syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
-				release_ticket(dev, tnum);
-				goto error;
+				r = -1;
+				break;
 			}
 			pr.action = PF_CHANGE_REMOVE;
 			pr.nr = i;
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
 			{
 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_REMOVE: %m");
-				release_ticket(dev, tnum);
-				goto error;
+				r = -1;
 			}
-			release_ticket(dev, tnum);
-			return 0;
+			else
+			{
+				r = 0;
+			}
+			break;
 		}
 	}
+	if (r == -2)
+		syslog(LOG_NOTICE, "could not find filter rule to delete iport=%hu addr=%8x", iport, ntohl(iaddr));
 	release_ticket(dev, tnum);
-	syslog(LOG_NOTICE, "could not find filter rule to delete iport=%hu addr=%8x", iport, ntohl(iaddr));
-error:
 	return -1;
 #endif
 }
 
+/* returns:  0 : OK
+ *          -1 : Error
+ *          -2 : rule not found */
 int
 delete_filter_rule(const char * ifname, unsigned short port, int proto)
 {
 	return priv_delete_filter_rule(ifname, port, proto, 0);
 }
 
+/* returns:  0 : OK
+ *          -1 : Error
+ *          -2 : rule not found */
 int
 delete_redirect_and_filter_rules(const char * ifname, unsigned short eport,
                                  int proto)
@@ -1253,7 +1280,7 @@ get_redirect_rule_by_index(int index,
                            unsigned int * timestamp,
                            u_int64_t * packets, u_int64_t * bytes)
 {
-	int n;
+	int n, r;
 	unsigned int tnum;
 	struct pfioc_rule pr;
 #ifndef PF_NEWSTYLE
@@ -1273,19 +1300,19 @@ get_redirect_rule_by_index(int index,
 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
 	{
 		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-		goto error;
+		return -1;
 	}
 	n = pr.nr;
-	if(index >= n)
-		goto error;
+	r = -1;
 #ifdef PF_RELEASETICKETS
 	tnum = pr.ticket;
 #endif /* PF_RELEASETICKETS */
+	if(index >= n)
+		goto error;
 	pr.nr = index;
 	if(ioctl(dev, DIOCGETRULE, &pr) < 0)
 	{
 		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
-		release_ticket(dev, tnum);
 		goto error;
 	}
 	*proto = pr.rule.proto;
@@ -1370,10 +1397,10 @@ get_redirect_rule_by_index(int index,
 	}
 	if(timestamp)
 		*timestamp = get_timestamp(*eport, *proto);
-	release_ticket(dev, tnum);
-	return 0;
+	r = 0;
 error:
-	return -1;
+	release_ticket(dev, tnum);
+	return r;
 }
 
 /* return an (malloc'ed) array of "external" port for which there is
@@ -1457,7 +1484,9 @@ get_portmappings_in_range(unsigned short startport, unsigned short endport,
 	return array;
 }
 
-/* update the port mapping internal port, description and timestamp */
+/* update the port mapping internal port, description and timestamp
+ * returns:  0 : OK
+ *          -1 : Error */
 int
 update_portmapping(const char * ifname, unsigned short eport, int proto,
                    unsigned short iport, const char * desc,