|
|
|
@ -1,4 +1,4 @@ |
|
|
|
# $OpenBSD: rc,v 1.473 2015/12/06 13:51:41 rpe Exp $ |
|
|
|
# $OpenBSD: rc,v 1.474 2015/12/29 19:41:24 rpe Exp $ |
|
|
|
|
|
|
|
# System startup script run by init on autoboot or after single-user. |
|
|
|
# Output and error are redirected to console by init, and the console is the |
|
|
|
@ -238,9 +238,7 @@ if [[ $1 == shutdown ]]; then |
|
|
|
|
|
|
|
# Bring carp interfaces down gracefully. |
|
|
|
ifconfig | while read _if _junk; do |
|
|
|
case $_if in |
|
|
|
carp+([0-9]):) ifconfig ${_if%:} down ;; |
|
|
|
esac |
|
|
|
[[ $_if == carp+([0-9]): ]] && ifconfig ${_if%:} down |
|
|
|
done |
|
|
|
|
|
|
|
exit 0 |
|
|
|
@ -293,14 +291,12 @@ if [[ $pf != NO ]]; then |
|
|
|
fi |
|
|
|
RULES="$RULES\npass in proto carp keep state (no-sync)" |
|
|
|
RULES="$RULES\npass out proto carp !received-on any keep state (no-sync)" |
|
|
|
case $(sysctl vfs.mounts.nfs 2>/dev/null) in |
|
|
|
*[1-9]*) |
|
|
|
if [[ $(sysctl vfs.mounts.nfs 2>/dev/null) == *[1-9]* ]]; then |
|
|
|
# Don't kill NFS. |
|
|
|
RULES="set reassemble yes no-df\n$RULES" |
|
|
|
RULES="$RULES\npass in proto { tcp, udp } from any port { sunrpc, nfsd } to any" |
|
|
|
RULES="$RULES\npass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any" |
|
|
|
;; |
|
|
|
esac |
|
|
|
fi |
|
|
|
print -- "$RULES" | pfctl -f - |
|
|
|
pfctl -e |
|
|
|
fi |
|
|
|
|
rpe
9 years ago