Google Git
Sign in
gbmc/meta-gbmc-staging/4c9ef92ac7bdaaccf0052463f732a020f18e57d8^!/.
commit
4c9ef92ac7bdaaccf0052463f732a020f18e57d8
[log]
author
Yuxiao Zhang <yuxiaozhang@google.com>
Wed Jul 23 13:33:17 2025 -0700
committer
Yuxiao Zhang <yuxiaozhang@google.com>
Thu Jul 24 16:48:41 2025 -0700
tree
d43ada9f90eb717dee830a40367da98b80c29b71
parent
6df273ffc9f9fac2f756d022914f3edfe63281de [diff]
openssh: move nftable rule to staging layer

Tested: image booted with qemu and rule is present

Fusion-Link: https://fusion2.corp.google.com/5fd45600-cead-3853-af48-f57d0000f1ee
Google-Bug-Id: N/A
Change-Id: I710315e18ff8e946288fdfbc95bbe239a1c7386a
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>

diff --git a/recipes-connectivity/openssh/openssh/50-openssh-dev.rules b/recipes-connectivity/openssh/openssh/50-openssh-dev.rules
new file mode 100644
index 0000000..72bfa3a
--- /dev/null
+++ b/recipes-connectivity/openssh/openssh/50-openssh-dev.rules

@@ -0,0 +1,5 @@
+table inet filter {
+    chain gbmc_br_pub_input {
+        tcp dport 22 accept
+    }
+}

diff --git a/recipes-connectivity/openssh/openssh_%.bbappend b/recipes-connectivity/openssh/openssh_%.bbappend
new file mode 100644
index 0000000..eb8353d
--- /dev/null
+++ b/recipes-connectivity/openssh/openssh_%.bbappend

@@ -0,0 +1,15 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+# Same as Dropbear
+# http://cs/gbmc/gbmc/meta-google/recipes-core/dropbear/dropbear_%25.bbappend
+SRC_URI:append:gbmc = " \
+  file://50-openssh-dev.rules \
+"
+
+do_install:append:gbmc() {
+  nftables_dir=${D}${sysconfdir}/nftables
+  rules=$nftables_dir/50-openssh-dev.rules
+  install -Dm 0644 ${WORKDIR}/50-openssh-dev.rules \
+      $rules
+}
+