diff options
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-05-23 20:47:58 +0000 |
|---|---|---|
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-05-23 20:47:58 +0000 |
| commit | ee868ea5f0b71de02f9077a2b9f245c7a9f80e6f (patch) | |
| tree | aadd49c97a6b1b966a6ddfc5a351fc303a0a86cc | |
| parent | b2497a37edf71ea1a83936bf72e6f4424a483c55 (diff) | |
Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens
| -rw-r--r-- | etc/rc | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1,4 +1,4 @@ -# $OpenBSD: rc,v 1.194 2002/05/23 19:38:18 dhartmei Exp $ +# $OpenBSD: rc,v 1.195 2002/05/23 20:47:57 dhartmei Exp $ # System startup script run by init on autoboot # or after single-user. @@ -120,12 +120,12 @@ ttyflags -a if [ "X${pf}" != X"NO" ]; then RULES="block in all\nblock out all" + RULES="$RULES\npass in proto tcp from any to any port 22 keep state" case `sysctl vfs.mounts.nfs 2>/dev/null` in *[1-9]*) # don't kill NFS RULES="$RULES\npass in proto udp from any port { 111, 2049 } to any" RULES="$RULES\npass out proto udp from any to any port { 111, 2049 }" - RULES="$RULES\npass in proto tcp from any to any port 22 keep state" ;; esac echo $RULES | pfctl -R - -e |