diff options
| author |   camield <camield@openbsd.org> | 2002-11-14 09:02:28 +0000 |
|---|---|---|
| committer | camield <camield@openbsd.org> | 2002-11-14 09:02:28 +0000 |
| commit | ae072502495e410fd89362b12b81c13d0f7c60f1 (patch) | |
| tree | 00d911968ae6e7d2a10e593b075178a01dd9a229 | |
| parent | mark tx as altq-ready. (diff) | |
| download | wireguard-openbsd-ae072502495e410fd89362b12b81c13d0f7c60f1.tar.xz wireguard-openbsd-ae072502495e410fd89362b12b81c13d0f7c60f1.zip | |
Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.
| -rw-r--r-- | etc/rc | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -1,4 +1,4 @@ -# $OpenBSD: rc,v 1.207 2002/10/14 07:34:25 mpech Exp $ +# $OpenBSD: rc,v 1.208 2002/11/14 09:02:28 camield Exp $ # System startup script run by init on autoboot # or after single-user. @@ -121,6 +121,7 @@ ttyflags -a if [ "X${pf}" != X"NO" ]; then RULES="block in all\nblock out all" RULES="$RULES\npass in proto tcp from any to any port 22 keep state" + RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state" case `sysctl vfs.mounts.nfs 2>/dev/null` in *[1-9]*) # don't kill NFS |