
Diff for /src/etc/rc between version 1.510 and 1.511

version 1.510, 2017/07/17 18:37:42 version 1.511, 2017/07/17 18:52:26
Line 399 
Line 399 
   
 # Set initial temporary pf rule set.  # Set initial temporary pf rule set.
 if [[ $pf != NO ]]; then  if [[ $pf != NO ]]; then
         RULES='          RULES="
         block all          block all
         pass on lo0          pass on lo0
         pass in proto tcp from any to any port ssh keep state          pass in proto tcp from any to any port ssh keep state
         pass out proto { tcp, udp } from any to any port domain keep state          pass out proto { tcp, udp } from any to any port domain keep state
         pass out inet proto icmp all icmp-type echoreq keep state          pass out inet proto icmp all icmp-type echoreq keep state
         pass out inet proto udp from any port bootpc to any port bootps          pass out inet proto udp from any port bootpc to any port bootps
         pass in inet proto udp from any port bootps to any port bootpc'          pass in inet proto udp from any port bootps to any port bootpc"
   
         if ifconfig lo0 inet6 >/dev/null 2>&1; then          if ifconfig lo0 inet6 >/dev/null 2>&1; then
                 RULES="$RULES                  RULES="$RULES
Line 422 
Line 422 
         pass in proto carp keep state (no-sync)          pass in proto carp keep state (no-sync)
         pass out proto carp !received-on any keep state (no-sync)"          pass out proto carp !received-on any keep state (no-sync)"
   
         # Don't kill NFS.  
         if [[ $(sysctl vfs.mounts.nfs 2>/dev/null) == *[1-9]* ]]; then          if [[ $(sysctl vfs.mounts.nfs 2>/dev/null) == *[1-9]* ]]; then
                   # Don't kill NFS.
                 RULES="set reassemble yes no-df                  RULES="set reassemble yes no-df
                 $RULES                  $RULES
                 pass in proto { tcp, udp } from any port { sunrpc, nfsd } to any                  pass in proto { tcp, udp } from any port { sunrpc, nfsd } to any
                 pass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any"                  pass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any"
         fi          fi
   
         print -- "$RULES" | pfctl -f -          print -- "$RULES" | pfctl -f -
         pfctl -e          pfctl -e
 fi  fi
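Review bot: The first `RULES=` assignment in the Line 399 hunk is now double-quoted, so the base rule text is subject to parameter and command substitution, which the single-quoted form was immune to. None of the visible rules contains `$`, a backquote or a backslash, so the rule set handed to `pfctl -f -` should be unchanged today. A later edit that adds a pf macro reference such as `$ext_if` would be expanded by the shell, most likely to an empty string, before pfctl parses it. A comment above the assignment would record the constraint, e.g. `# Double-quoted like the appends below; keep this text free of $ and backquotes.` The enclosing `if [[ $pf != NO ]]` block spans both hunks and the lines between them are not shown.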
