Service Startup Arguments

encrypt1d

How might one add an additional command line argument to the miniupnpd service at startup? (Working with pfSense CE 2.7.2)

By default, the command executed is this:

  0 78152     1  2  20  0  18628   7724 select   Ss    -    0:00.03 /usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -P /var/run/miniupnpd.pid

I would like to simply add a "-vv" to it.

The only service configuration file I can find is in:

/usr/local/etc/rc.d/miniupnpd

Adding the option to the line below has no effect:

command_args="-vv -f $miniupnpd_config"

I also tried a custom patch to edit the file and auto-apply on startup, which successfully applied, and changed the file, but still the service starts up with the default arguments after a reboot or service restart.

I also tried copying my changes into a miniupnpd.local file within /usr/local/etc/rc.d/ and that also has no effect.

Ideally, I'd like to do this as a patch so that it survives restarts/upgrades.

stephenw10

You want it to run with verbose output every time?

Usually I stop the process and start it manually with the versbose switch at the CLI to troubleshoot. But then restart it back in the normal mode afterwards.

encrypt1d

@stephenw10 said in Service Startup Arguments:

You want it to run with verbose output every time?

Yes that's correct. It's the only way to ensure the port/NAT manipulation logs are sent to my SIEM for ever and ever. They only get generated with the verbosity option set.

encrypt1d

I think I found the place in:

/etc/inc/services.inc

encrypt1d

This is working. I can't test a reboot for persistence just now though.

For anyone that wants it, this is the patch I used (use at own risk). It seems that the -v gives enough info, so I didn't use -vv.

--- a/etc/inc/services.inc      2024-03-19 14:22:36.023371000 -0400
+++ b/etc/inc/services.inc      2024-03-19 14:22:02.406017000 -0400
@@ -5006,1 +5006,1 @@
-                               mwexec_bg("/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -P {$g['varrun_path']}/miniupnpd.pid");
+                               mwexec_bg("/usr/local/sbin/miniupnpd -v -f /var/etc/miniupnpd.conf -P {$g['varrun_path']}/miniupnpd.pid");

Use a Path Strip Count of 1, and base directory "/".

encrypt1d

@stephenw10 The remaining question I have, is whether or not I did this in the 'correct' place, or if there is a more appropriate location.

stephenw10

That looks correct yes.

You might want to open a feature request to have that added as a config option. That would be useful for debugging.

encrypt1d

@stephenw10 I agree. That is through redmine correct?

stephenw10

Yes in redmine.

encrypt1d

https://redmine.pfsense.org/issues/15355

Has been created for this.
Thanks