diff options
| author | Camiel Dobbelaar <camield@cvs.openbsd.org> | 2002-11-14 09:02:29 +0000 |
|---|---|---|
| committer | Camiel Dobbelaar <camield@cvs.openbsd.org> | 2002-11-14 09:02:29 +0000 |
| commit | fe8301cb0911366f651960c3fa105c7cb6288cb3 (patch) | |
| tree | 5249e0730729da186f6a159f6c1837f2675e4867 /etc/rc | |
| parent | f38b8606cfc33315839684fe6c466cbbeb2f74f5 (diff) | |
Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.
Diffstat (limited to 'etc/rc')
| -rw-r--r-- | etc/rc | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -1,4 +1,4 @@ -# $OpenBSD: rc,v 1.207 2002/10/14 07:34:25 mpech Exp $ +# $OpenBSD: rc,v 1.208 2002/11/14 09:02:28 camield Exp $ # System startup script run by init on autoboot # or after single-user. @@ -121,6 +121,7 @@ ttyflags -a if [ "X${pf}" != X"NO" ]; then RULES="block in all\nblock out all" RULES="$RULES\npass in proto tcp from any to any port 22 keep state" + RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state" case `sysctl vfs.mounts.nfs 2>/dev/null` in *[1-9]*) # don't kill NFS |