With bin/54124 fixed, the rule needs to be explicitly set to stateful.

2019-09-21 11:46:25 +00:00 · 2019-09-21 11:46:25 +00:00 · b058b370e0
parent a65bb42f06
commit b058b370e0
1 changed files with 2 additions and 2 deletions
--- a/share/examples/npf/host-npf.conf
+++ b/share/examples/npf/host-npf.conf
@ -1,4 +1,4 @@
-# $NetBSD: host-npf.conf,v 1.10 2019/04/16 10:52:28 sevan Exp $
+# $NetBSD: host-npf.conf,v 1.11 2019/09/21 11:46:25 sevan Exp $
 #
 # Simple ruleset for a host with (i.e., not routing) two interfaces,
 # ethernet and wifi.
@ -31,7 +31,7 @@ group "wired" on $wired_if {
    ruleset "blacklistd"

    # Allow SSH on wired interface and log all connection attempts
-    pass in on $wired_if proto tcp to $wired_addrs port ssh apply "log"
+    pass stateful in on $wired_if proto tcp to $wired_addrs port ssh apply "log"
 }

 group "wifi" on $wifi_if {