openssh: move nftable rule to staging layer
Tested: image booted with qemu and rule is present
Fusion-Link: https://fusion2.corp.google.com/5fd45600-cead-3853-af48-f57d0000f1ee
Google-Bug-Id: N/A
Change-Id: I710315e18ff8e946288fdfbc95bbe239a1c7386a
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
diff --git a/recipes-connectivity/openssh/openssh/50-openssh-dev.rules b/recipes-connectivity/openssh/openssh/50-openssh-dev.rules
new file mode 100644
index 0000000..72bfa3a
--- /dev/null
+++ b/recipes-connectivity/openssh/openssh/50-openssh-dev.rules
@@ -0,0 +1,5 @@
+table inet filter {
+ chain gbmc_br_pub_input {
+ tcp dport 22 accept
+ }
+}
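Review bot: The `tcp dport 22 accept` rule in `gbmc_br_pub_input` matches every source address, and apart from the `-dev` in the filename nothing in the file says this is deliberate or limited to development images. If the chain is the input path of the public bridge, as its name suggests, any host that can reach that interface gets to the SSH listener, which leaves sshd's own authentication settings as the only control. I would add a header comment such as `# Dev/staging only: opens SSH (tcp/22) on the public bridge; must not ship in production images`. Where the permitted client ranges are known, the match could also be narrowed, e.g. `ip6 saddr <LAB_PREFIX_PLACEHOLDER> tcp dport 22 accept`.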
diff --git a/recipes-connectivity/openssh/openssh_%.bbappend b/recipes-connectivity/openssh/openssh_%.bbappend
new file mode 100644
index 0000000..eb8353d
--- /dev/null
+++ b/recipes-connectivity/openssh/openssh_%.bbappend
@@ -0,0 +1,15 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+# Same as Dropbear
+# http://cs/gbmc/gbmc/meta-google/recipes-core/dropbear/dropbear_%25.bbappend
+SRC_URI:append:gbmc = " \
+ file://50-openssh-dev.rules \
+"
+
+do_install:append:gbmc() {
+ nftables_dir=${D}${sysconfdir}/nftables
+ rules=$nftables_dir/50-openssh-dev.rules
+ install -Dm 0644 ${WORKDIR}/50-openssh-dev.rules \
+ $rules
+}
+
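Review bot: `do_install:append:gbmc` installs the rule whenever the `gbmc` override is active, so the only thing keeping tcp/22 closed on other images is, presumably, that this staging layer is left out of their build, and the recipe does not say so. The existing "Same as Dropbear" comment points at an internal link and does not describe what the drop-in does. I would extend it to something like `# Staging/dev only: installs an nftables drop-in that accepts tcp/22 on the public bridge; mirrors the Dropbear bbappend`. As a minor style point, quote the shell expansions in the install line: `install -Dm 0644 "${WORKDIR}/50-openssh-dev.rules" "$rules"`.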