K 10
svn:author
V 5
dbaio
K 8
svn:date
V 27
2018-04-24T01:06:47.825405Z
K 7
svn:log
V 891
dns/dnscrypt-proxy2: Add mac_portacl option in rc script

Version 2 of dnscrypt-proxy is written in Go and therefore isn't capable
of dropping privileges after binding to a low port on FreeBSD.

By default, this port's daemon will listen on port 5353 (TCP/UDP).

With this option it's possible to bind it and listen on port 53 (TCP/UDP)
with mac_portacl(4) kernel module (network port access control policy).
For this add dnscrypt_proxy_mac_portacl_enable=YES in your rc.conf.
The dnscrypt-proxy startup script will load mac_portacl and add a rule
where %%USER%% user will be able to bind on port 53 (TCP/UDP). This port
can be changed by dnscrypt_proxy_mac_portacl_port variable in your rc.conf.
You also need to change dnscrypt-proxy config file to use port 53.

Suggested by:	feld
Approved by:	egypcio@googlemail.com (maintainer)
Differential Revision:	https://reviews.freebsd.org/D15151

END