diff options
| author |   dhartmei <dhartmei@openbsd.org> | 2002-05-23 19:38:18 +0000 |
|---|---|---|
| committer | dhartmei <dhartmei@openbsd.org> | 2002-05-23 19:38:18 +0000 |
| commit | ca45f1350c60f67e41a1e59d3da472428f7330be (patch) | |
| tree | f7c438a365616c5198a4e5f318eb2d8c97b8585a | |
| parent | add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication (diff) | |
| download | wireguard-openbsd-ca45f1350c60f67e41a1e59d3da472428f7330be.tar.xz wireguard-openbsd-ca45f1350c60f67e41a1e59d3da472428f7330be.zip | |
Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the inital set active). ok deraadt@
| -rw-r--r-- | etc/rc | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -1,4 +1,4 @@ -# $OpenBSD: rc,v 1.193 2002/02/25 03:30:46 deraadt Exp $ +# $OpenBSD: rc,v 1.194 2002/05/23 19:38:18 dhartmei Exp $ # System startup script run by init on autoboot # or after single-user. @@ -125,6 +125,7 @@ if [ "X${pf}" != X"NO" ]; then # don't kill NFS RULES="$RULES\npass in proto udp from any port { 111, 2049 } to any" RULES="$RULES\npass out proto udp from any to any port { 111, 2049 }" + RULES="$RULES\npass in proto tcp from any to any port 22 keep state" ;; esac echo $RULES | pfctl -R - -e |