pfctl -f instead of -N/-R, ok deraadt@

22 years ago · 0b36d72022
--- a/src/etc/rc
+++ b/src/etc/rc
@ -1,4 +1,4 @@
 #	$OpenBSD: rc,v 1.197 2002/06/09 21:15:54 hin Exp $
 #	$OpenBSD: rc,v 1.198 2002/06/11 04:51:39 dhartmei Exp $

 # System startup script run by init on autoboot
 # or after single-user.
@ -128,7 +128,7 @@ if [ "X${pf}" != X"NO" ]; then
 		RULES="$RULES\npass out proto udp from any to any port { 111, 2049 }"
 		;;
 	esac
 	echo $RULES | pfctl -R - -e
 	echo $RULES | pfctl -f - -e
 fi

 if [ -f /etc/sysctl.conf ]; then
@ -147,11 +147,8 @@ echo 'starting network'
 . /etc/netstart

 if [ "X${pf}" != X"NO" ]; then
 	if [ -f ${nat_rules} ]; then
 		pfctl -N ${nat_rules}
 	fi
 	if [ -f ${pf_rules} ]; then
 		pfctl -R ${pf_rules}
 		pfctl -f ${pf_rules}
 	fi
 fi

--- a/src/etc/rc.conf
+++ b/src/etc/rc.conf
@ -1,6 +1,6 @@
 #!/bin/sh -
 #
 #	$OpenBSD: rc.conf,v 1.73 2002/06/09 21:15:54 hin Exp $
 #	$OpenBSD: rc.conf,v 1.74 2002/06/11 04:51:39 dhartmei Exp $

 # set these to "NO" to turn them off.  otherwise, they're used as flags
 routed_flags=NO		# for normal use: "-q"
@ -81,7 +81,6 @@ syslogd_flags=			# add more flags, ie. "-u -a /chroot/dev/log"
 named_user=named		# Named should not run as root unless necessary
 named_chroot=/var/named		# Where to chroot named if not empty
 pf_rules=/etc/pf.conf		# Packet filter rules file
 nat_rules=/etc/nat.conf		# NAT rules file
 pflogd_flags=			# add more flags, ie. "-s 256"
 afs_mount_point=/afs		# Mountpoint for AFS
 afs_device=/dev/xfs0		# Device used by afsd