[src/trunk]: src/share/examples/npf With bin/54124 fixed, the rule needs to b...

[sevan <sevan%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/5dff669ebe50
branches:  trunk
changeset: 459685:5dff669ebe50
user:      sevan <sevan%NetBSD.org@localhost>
date:      Sat Sep 21 11:46:25 2019 +0000

description:
With bin/54124 fixed, the rule needs to be explicitly set to stateful.

diffstat:

 share/examples/npf/host-npf.conf |  4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diffs (18 lines):

diff -r 9dcce016c646 -r 5dff669ebe50 share/examples/npf/host-npf.conf
--- a/share/examples/npf/host-npf.conf  Sat Sep 21 11:24:35 2019 +0000
+++ b/share/examples/npf/host-npf.conf  Sat Sep 21 11:46:25 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: host-npf.conf,v 1.10 2019/04/16 10:52:28 sevan Exp $
+# $NetBSD: host-npf.conf,v 1.11 2019/09/21 11:46:25 sevan Exp $
 #
 # Simple ruleset for a host with (i.e., not routing) two interfaces,
 # ethernet and wifi.
@@ -31,7 +31,7 @@
     ruleset "blacklistd"
 
     # Allow SSH on wired interface and log all connection attempts
-    pass in on $wired_if proto tcp to $wired_addrs port ssh apply "log"
+    pass stateful in on $wired_if proto tcp to $wired_addrs port ssh apply "log"
 }
 
 group "wifi" on $wifi_if {