Change the default PF policy to "block return", including x11 as
suggested by naddy@.  This solves the problem that occurs when a
server crashes or is hard booted and comes back up without tearing
down any connections to it, and packets from these connections don't
match any existing state or rule and are silently dropped.
ok phessler@ henning@ claudio@ dlg@
OPENBSD_5_5
dtucker 10 years ago
parent
commit
65f45be470
1 changed files with 3 additions and 3 deletions
src/etc/pf.conf (+3 -3)

@ -1,4 +1,4 @@
# $OpenBSD: pf.conf,v 1.52 2013/02/13 23:11:14 halex Exp $
# $OpenBSD: pf.conf,v 1.53 2014/01/25 10:28:36 dtucker Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
@ -16,7 +16,7 @@ set skip on lo
# anchor for relayd(8)
#anchor "relayd/*"
block # block stateless traffic
block return # block stateless traffic
pass # establish keep-state
# rules for spamd(8)
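Review bot: The trailing comment on the new `block return` line still reads "# block stateless traffic", identical to the old `block` rule, so the file does not tell the reader that the default now answers blocked packets (TCP RST for TCP, ICMP unreachable for other protocols, per pf.conf(5)) instead of dropping them. Suggest updating the comment to say so and to note the trade-off: anyone probing the host now sees closed ports as closed rather than filtered, and an administrator who prefers silent drops can switch back to plain `block`.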
@ -32,4 +32,4 @@ pass # establish keep-state
#block in quick from urpf-failed to any # use with care
# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp to port 6000:6010
block return in on ! lo0 proto tcp to port 6000:6010
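Review bot: The comment above the X11 rule ("By default, do not permit remote connections to X11") is unchanged although the rule now returns a TCP RST rather than dropping. The rule carries no destination address, so on a host with forwarding enabled (mentioned in the header comment) it also matches connections to ports 6000:6010 on hosts behind it. Suggest saying in the comment that remote clients receive an immediate reset, and confirming that this is the intended behaviour for forwarded traffic as well as for the local host.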
