
Sigh, add the rule in the right place (not just when NFS is used).

From Dries Schellekens
OPENBSD_3_2
dhartmei 22 years ago
parent
commit
2b48205e68
1 changed files with 2 additions and 2 deletions
  1. +2
    -2
      src/etc/rc

+ 2
- 2
src/etc/rc View File

@ -1,4 +1,4 @@
# $OpenBSD: rc,v 1.194 2002/05/23 19:38:18 dhartmei Exp $
# $OpenBSD: rc,v 1.195 2002/05/23 20:47:57 dhartmei Exp $
# System startup script run by init on autoboot # System startup script run by init on autoboot
# or after single-user. # or after single-user.
@ -120,12 +120,12 @@ ttyflags -a
if [ "X${pf}" != X"NO" ]; then if [ "X${pf}" != X"NO" ]; then
RULES="block in all\nblock out all" RULES="block in all\nblock out all"
RULES="$RULES\npass in proto tcp from any to any port 22 keep state"
case `sysctl vfs.mounts.nfs 2>/dev/null` in case `sysctl vfs.mounts.nfs 2>/dev/null` in
*[1-9]*) *[1-9]*)
# don't kill NFS # don't kill NFS
RULES="$RULES\npass in proto udp from any port { 111, 2049 } to any" RULES="$RULES\npass in proto udp from any port { 111, 2049 } to any"
RULES="$RULES\npass out proto udp from any to any port { 111, 2049 }" RULES="$RULES\npass out proto udp from any to any port { 111, 2049 }"
RULES="$RULES\npass in proto tcp from any to any port 22 keep state"
;; ;;
esac esac
echo $RULES | pfctl -R - -e echo $RULES | pfctl -R - -e
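Review bot: The added `pass in proto tcp from any to any port 22 keep state` line has no comment, although it is now the one unconditional exception to `block in all` and accepts SSH from any source on every interface. The NFS rules below it are explained by `# don't kill NFS`; a matching comment such as `# keep inbound ssh reachable under the default block-all rules` would record the intent, and should say so if this ruleset is only meant to hold until the configured rules are loaded, which is not visible in this hunk. Separately, `echo $RULES` is unquoted, so the rule text is subject to word splitting and globbing before it reaches pfctl; `echo "$RULES" | pfctl -R - -e` would avoid that. The `if` block opened at the top of the hunk closes outside it.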

