From 1331f9dd50b3a87f48ff47181376c77fbdb1048f Mon Sep 17 00:00:00 2001
From: camield <>
Date: Wed, 15 Jan 2003 09:25:46 +0000
Subject: [PATCH] Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease.  (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense"  henning dhartmei
---
 src/etc/rc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/etc/rc b/src/etc/rc
index 662bf90e..7a7115ce 100644
--- a/src/etc/rc
+++ b/src/etc/rc
@@ -1,4 +1,4 @@
-#	$OpenBSD: rc,v 1.214 2003/01/06 20:40:39 marc Exp $
+#	$OpenBSD: rc,v 1.215 2003/01/15 09:25:46 camield Exp $
 
 # System startup script run by init on autoboot
 # or after single-user.
@@ -122,6 +122,7 @@ if [ "X${pf}" != X"NO" ]; then
 	RULES="block all"
 	RULES="$RULES\npass in proto tcp from any to any port 22 keep state"
 	RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state"
+	RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state"
 	case `sysctl vfs.mounts.nfs 2>/dev/null` in
 	*[1-9]*)
 		# don't kill NFS