summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2006-10-06 17:04:54 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2006-10-06 17:04:54 +0000
commitef822adaa3e227a2f075dc23611416bc535f6535 (patch)
treed95195ac7075fa78a0f68e67f48d50f9fcdfd312
parentd9f56441b8f1580e20f450d7ede663e5060e5488 (diff)
Print 'flags any' correctly and handle anchors.
-rw-r--r--sbin/pfctl/pfctl_parser.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 7e8d4e2844a..a6eb255858c 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.229 2006/10/06 16:42:03 mcbride Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.230 2006/10/06 17:04:53 mcbride Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -793,7 +793,11 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
print_flags(r->flags);
printf("/");
print_flags(r->flagset);
- }
+ } else if (r->action == PF_PASS &&
+ (!r->proto || r->proto == IPPROTO_TCP) &&
+ !(r->rule_flag & PFRULE_FRAGMENT) &&
+ !anchor_call[0])
+ printf(" flags any");
if (r->type) {
const struct icmptypeent *it;
@@ -818,7 +822,7 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
}
if (r->tos)
printf(" tos 0x%2.2x", r->tos);
- if (!r->keep_state && r->action == PF_PASS)
+ if (!r->keep_state && r->action == PF_PASS && !anchor_call[0])
printf(" no state");
else if (r->keep_state == PF_STATE_NORMAL)
printf(" keep state");