author | Henning Brauer <henning@cvs.openbsd.org> | 2002-09-08 12:57:36 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2002-09-08 12:57:36 +0000 |
commit | a7443fb8ba9e6b903f2481041d620f6b6fcfa64e (patch) | |
tree | 36b4387714a64f0a6360ac2b980d712c4f5d1a1a | |
parent | 4279c1ae5d0a873b2b6f30cd6aaaa38149578b2f (diff) |
be more clueful wrt address family in nat/rdr rules.
behaviour noticed by Paul de Weerd, thanks!
ok dhartmei@
-rw-r--r-- | sbin/pfctl/parse.y | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 42b84750607..0e4adb19372 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.144 2002/09/02 19:42:54 dhartmei Exp $ */ +/* $OpenBSD: parse.y,v 1.145 2002/09/08 12:57:35 henning Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -1230,6 +1230,14 @@ natrule : no NAT interface af proto fromto redirection nat.no = $1; nat.af = $4; + + if (!nat.af) { + if ($6.src.host && $6.src.host->af) + nat.af = $6.src.host->af; + else if ($6.dst.host && $6.dst.host->af) + nat.af = $6.dst.host->af; + } + if (nat.no) { if ($7 != NULL) { yyerror("'no nat' rule does not need " @@ -1397,6 +1405,8 @@ rdrrule : no RDR interface af proto FROM ipspec TO ipspec dport redirection memcpy(&rdr.smask, &$7->mask, sizeof(rdr.smask)); rdr.snot = $7->not; + if (!rdr.af) + rdr.af = $7->af; } if ($9 != NULL) { memcpy(&rdr.daddr, &$9->addr, @@ -1404,6 +1414,8 @@ rdrrule : no RDR interface af proto FROM ipspec TO ipspec dport redirection memcpy(&rdr.dmask, &$9->mask, sizeof(rdr.dmask)); rdr.dnot = $9->not; + if (!rdr.af) + rdr.af = $9->af; } rdr.dport = $10.a; |
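Review bot: The inference added to natrule takes the family from the source host and consults the destination only when the source has none, so a rule whose source and destination carry different families is accepted with the source's family instead of being rejected; the two rdrrule hunks have the same shape, because once `rdr.af` is set from `$7->af` the value of `$9->af` is never compared. For a translation rule, a silent pick can leave the loaded rule matching different traffic than the author wrote, so I would fail the parse instead. In rdrrule that could be `else if ($9->af && rdr.af != $9->af) { yyerror("address family mismatch in rdr rule"); YYERROR; }` after each new assignment (with `$7` in the first), and in natrule the equivalent comparison of `$6.src.host->af` with `$6.dst.host->af`. The same comparison would also catch an explicit `af` keyword that disagrees with the addresses, unless a check outside these hunks already does. Both rule actions begin and end outside the hunks, and only the first `$6.src.host` / `$6.dst.host` entry is read here, which matters if those are lists; that is worth confirming.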