| version 1.423, 2014/03/15 22:13:36 |
version 1.424, 2014/04/19 16:07:09 |
|
|
| RULES="$RULES\npass out inet6 proto udp from any port dhcpv6-client to any port dhcpv6-server" |
RULES="$RULES\npass out inet6 proto udp from any port dhcpv6-client to any port dhcpv6-server" |
| RULES="$RULES\npass in inet6 proto udp from any port dhcpv6-server to any port dhcpv6-client" |
RULES="$RULES\npass in inet6 proto udp from any port dhcpv6-server to any port dhcpv6-client" |
| fi |
fi |
| RULES="$RULES\npass proto carp keep state (no-sync)" |
RULES="$RULES\npass in proto carp keep state (no-sync)" |
| |
RULES="$RULES\npass out proto carp !received-on any keep state (no-sync)" |
| case `sysctl vfs.mounts.nfs 2>/dev/null` in |
case `sysctl vfs.mounts.nfs 2>/dev/null` in |
| *[1-9]*) |
*[1-9]*) |
| # don't kill NFS |
# don't kill NFS |
| RULES="set reassemble yes no-df\n$RULES" |
RULES="set reassemble yes no-df\n$RULES" |
| RULES="$RULES\npass in proto { tcp, udp } from any port { 111, 2049 } to any" |
RULES="$RULES\npass in proto { tcp, udp } from any port { 111, 2049 } to any" |
| RULES="$RULES\npass out proto { tcp, udp } from any to any port { 111, 2049 }" |
RULES="$RULES\npass out proto { tcp, udp } from any to any port { 111, 2049 } !received-on any" |
| ;; |
;; |
| esac |
esac |
| echo $RULES | pfctl -f - |
echo $RULES | pfctl -f - |
![[BACK]](/icons/back.gif){kind=icon}
Return to rc CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / etc