CVSROOT: /cvs
Module name: src
Changes by: st...@cvs.openbsd.org 2017/12/03 13:40:04
Modified files:
etc : pf.conf
Log message:
Disallow the _pbuild user from making TCP/UDP connections in the default
PF ruleset. This is not a complete block on _pbuild being able to communicate
(e.g. non-TCP/UDP protocols don't have a PCB with userid, so PF can't restrict
in those cases) but avoids some cases, and in particular makes it more obvious
when a port does things like download extra distfiles or dependencies
as part of the build process. Slight tweak from a diff by espie@.
