From 06074e6554e8bf2aceea8b92facac21b93b9a898 Mon Sep 17 00:00:00 2001
From: dhartmei <>
Date: Thu, 23 May 2002 19:38:18 +0000
Subject: [PATCH] Allow incoming ssh connections in the initial temporary rule
 set that's active before /etc/pf.conf is loaded, just in case loading fails
 (and leaves the inital set active). ok deraadt@

---
 src/etc/rc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/etc/rc b/src/etc/rc
index 895a7b4f..d9624305 100644
--- a/src/etc/rc
+++ b/src/etc/rc
@@ -1,4 +1,4 @@
-#	$OpenBSD: rc,v 1.193 2002/02/25 03:30:46 deraadt Exp $
+#	$OpenBSD: rc,v 1.194 2002/05/23 19:38:18 dhartmei Exp $
 
 # System startup script run by init on autoboot
 # or after single-user.
@@ -125,6 +125,7 @@ if [ "X${pf}" != X"NO" ]; then
 		# don't kill NFS
 		RULES="$RULES\npass in proto udp from any port { 111, 2049 } to any"
 		RULES="$RULES\npass out proto udp from any to any port { 111, 2049 }"
+		RULES="$RULES\npass in proto tcp from any to any port 22 keep state"
 		;;
 	esac
 	echo $RULES | pfctl -R - -e