summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHenning Brauer <henning@cvs.openbsd.org>2002-07-15 18:13:54 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2002-07-15 18:13:54 +0000
commit7f9d5eb17013eeb0bfd243318968e1013671d406 (patch)
tree714f12d3d83b9406925613a7b9f954393c62a92d
parente44f0c6d8183c1c1905f32452429309fc9008f40 (diff)
add support for
pass|block on ! $interface ... ok dhartmei@ will be documented in pf.conf(5) by "I'm not slacking!" pb@ who's currently reworking this manpage
-rw-r--r--sbin/pfctl/parse.y10
-rw-r--r--sbin/pfctl/pfctl_parser.c10
2 files changed, 9 insertions, 11 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 335812592ef..18d7168c1e2 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.119 2002/07/15 15:44:15 pb Exp $ */
+/* $OpenBSD: parse.y,v 1.120 2002/07/15 18:13:53 henning Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -351,13 +351,6 @@ pfrule : action dir log quick interface route af proto fromto
r.log = $3;
r.quick = $4;
- if ($5 != NULL)
- if ($5->not) {
- yyerror("'pass/block on ! $interface' "
- "isn't supported.");
- YYERROR;
- }
-
r.af = $7;
r.flags = $12.b1;
r.flagset = $12.b2;
@@ -1862,6 +1855,7 @@ expand_rule(struct pf_rule *r,
strlcpy(r->label, label, PF_RULE_LABEL_SIZE);
expand_label(r->label, r->af, src_host, src_port,
dst_host, dst_port, proto->proto);
+ r->ifnot = interface->not;
r->proto = proto->proto;
r->src.addr = src_host->addr;
r->src.mask = src_host->mask;
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 3021c814448..d6c552a2eca 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.92 2002/07/01 05:28:22 deraadt Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.93 2002/07/15 18:13:53 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -670,8 +670,12 @@ print_rule(struct pf_rule *r)
printf("log-all ");
if (r->quick)
printf("quick ");
- if (r->ifname[0])
- printf("on %s ", r->ifname);
+ if (r->ifname[0]) {
+ if (r->ifnot)
+ printf("on ! %s ", r->ifname);
+ else
+ printf("on %s ", r->ifname);
+ }
if (r->rt) {
if (r->rt == PF_ROUTETO)
printf("route-to ");