version 1.194, 2002/05/23 19:38:18 |
version 1.195, 2002/05/23 20:47:57 |
|
|
|
|
if [ "X${pf}" != X"NO" ]; then |
if [ "X${pf}" != X"NO" ]; then |
RULES="block in all\nblock out all" |
RULES="block in all\nblock out all" |
|
RULES="$RULES\npass in proto tcp from any to any port 22 keep state" |
case `sysctl vfs.mounts.nfs 2>/dev/null` in |
case `sysctl vfs.mounts.nfs 2>/dev/null` in |
*[1-9]*) |
*[1-9]*) |
# don't kill NFS |
# don't kill NFS |
RULES="$RULES\npass in proto udp from any port { 111, 2049 } to any" |
RULES="$RULES\npass in proto udp from any port { 111, 2049 } to any" |
RULES="$RULES\npass out proto udp from any to any port { 111, 2049 }" |
RULES="$RULES\npass out proto udp from any to any port { 111, 2049 }" |
RULES="$RULES\npass in proto tcp from any to any port 22 keep state" |
|
;; |
;; |
esac |
esac |
echo $RULES | pfctl -R - -e |
echo $RULES | pfctl -R - -e |
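Review bot: The ssh rule `RULES="$RULES\npass in proto tcp from any to any port 22 keep state"` carries no comment saying why it is there, while the NFS branch next to it has `# don't kill NFS`. On what appears to be the 1.195 side it sits ahead of the `case`, so it is appended whenever pf is enabled rather than only when NFS mounts are present. A line such as `# keep ssh reachable while the block-all rules are loaded` above it would record that intent, and would also note that the rule is deliberately `from any to any` rather than limited to an interface or source. Separately, the context line `echo $RULES | pfctl -R - -e` expands `$RULES` unquoted and relies on this shell's `echo` turning `\n` into newlines; `echo "$RULES" | pfctl -R - -e` would at least rule out word splitting and globbing on the rule text. The enclosing `if` opens inside this hunk but closes outside it.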