
Tweak previous.

OPENBSD_6_2
rpe 7 years ago
parent
commit
1f2252a387
1 changed files with 5 additions and 4 deletions
  1. +5
    -4
      src/etc/rc

+ 5
- 4
src/etc/rc

@ -1,4 +1,4 @@
# $OpenBSD: rc,v 1.510 2017/07/17 18:37:42 rpe Exp $
# $OpenBSD: rc,v 1.511 2017/07/17 18:52:26 rpe Exp $
# System startup script run by init on autoboot or after single-user.
# Output and error are redirected to console by init, and the console is the
@ -399,14 +399,14 @@ wsconsctl_conf
# Set initial temporary pf rule set.
if [[ $pf != NO ]]; then
RULES='
RULES="
block all
pass on lo0
pass in proto tcp from any to any port ssh keep state
pass out proto { tcp, udp } from any to any port domain keep state
pass out inet proto icmp all icmp-type echoreq keep state
pass out inet proto udp from any port bootpc to any port bootps
pass in inet proto udp from any port bootps to any port bootpc'
pass in inet proto udp from any port bootps to any port bootpc"
if ifconfig lo0 inet6 >/dev/null 2>&1; then
RULES="$RULES
@ -422,13 +422,14 @@ if [[ $pf != NO ]]; then
pass in proto carp keep state (no-sync)
pass out proto carp !received-on any keep state (no-sync)"
# Don't kill NFS.
if [[ $(sysctl vfs.mounts.nfs 2>/dev/null) == *[1-9]* ]]; then
# Don't kill NFS.
RULES="set reassemble yes no-df
$RULES
pass in proto { tcp, udp } from any port { sunrpc, nfsd } to any
pass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any"
fi
print -- "$RULES" | pfctl -f -
pfctl -e
fi
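Review bot: Switching the `RULES=` assignment from single to double quotes (the hunk at `@ -399,14 +399,14 @@`) makes the whole pf rule text subject to parameter and command substitution, and nothing in the file says so; the current rules contain no `$` or backquote, so behaviour looks unchanged, but a future edit that adds one would be expanded silently before reaching pfctl. I would add a comment above the assignment: `# Double-quoted so $RULES can be nested below: keep pf syntax free of $ and backquotes.` The `!received-on` token is presumably safe because rc runs under ksh non-interactively, where `!` in double quotes is literal; worth confirming rather than assuming. The moved `# Don't kill NFS.` comment in the hunk at `@ -422,13 +422,14 @@` now sits inside the sysctl `if`, which reads correctly; that hunk's enclosing `if [[ $pf != NO ]]` block begins outside it.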

