diff options
author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2003-02-03 15:44:53 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2003-02-03 15:44:53 +0000 |
commit | 7f9e383105f5f9b02cb27c42cef4d4c8db12270b (patch) | |
tree | 04c73873049e4b9cc9b6e6d62ce2ee258d8d196e /regress/sbin/pfctl | |
parent | 59bf24a030195c8eb48026e6e0e377501ff16d32 (diff) |
Don't allow loopback interfaces as route/reply/dup-to targets. ok henning@
Diffstat (limited to 'regress/sbin/pfctl')
-rw-r--r-- | regress/sbin/pfctl/Makefile | 4 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf46.in | 16 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf46.ok | 16 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail16.in | 3 |
4 files changed, 21 insertions, 18 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile index 6de5d34fc8a..9ee520ba885 100644 --- a/regress/sbin/pfctl/Makefile +++ b/regress/sbin/pfctl/Makefile @@ -1,8 +1,8 @@ -# $OpenBSD: Makefile,v 1.67 2003/01/30 15:32:22 henning Exp $ +# $OpenBSD: Makefile,v 1.68 2003/02/03 15:44:52 dhartmei Exp $ PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 PFTESTS+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 -PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 +PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 PFSIMPLE=1 2 PFSETUP=1 PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 23 24 25 26 27 28 29 diff --git a/regress/sbin/pfctl/pf46.in b/regress/sbin/pfctl/pf46.in index 545c3c4caff..833be0ad7b1 100644 --- a/regress/sbin/pfctl/pf46.in +++ b/regress/sbin/pfctl/pf46.in @@ -1,8 +1,8 @@ -pass in on lo0 route-to { (lo0 127.0.0.1), (lo0 127.0.0.2) } all -pass out on lo0 route-to { (lo0 127.0.0.1), (lo0 127.0.0.2) } round-robin all -pass in on lo0 route-to (lo0 127.0.0.1/24) bitmask all -pass out on lo0 dup-to (lo0 127.0.0.1/24) random all -pass in on lo0 reply-to { lo0, lo0 } round-robin inet6 all -pass in on lo0 reply-to (lo0 127.0.0.0/28) source-hash 0x0123456789ABCDEF0123456789abcdef inet all -pass out on lo0 route-to (lo0 127.0.0.1/24) source-hash foobarlicious all -pass in on lo0 dup-to (lo0 127.0.0.1/24) round-robin all +pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } all +pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin all +pass in on lo0 route-to (pflog0 127.0.0.1/24) bitmask all +pass out on lo0 dup-to (pflog0 127.0.0.1/24) random all +pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all +pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789ABCDEF0123456789abcdef inet all +pass out on lo0 route-to (pflog0 127.0.0.1/24) source-hash foobarlicious all +pass in on lo0 dup-to (pflog0 127.0.0.1/24) round-robin all diff --git a/regress/sbin/pfctl/pf46.ok b/regress/sbin/pfctl/pf46.ok index 13630e5674e..79d6b4c2d4e 100644 --- a/regress/sbin/pfctl/pf46.ok +++ b/regress/sbin/pfctl/pf46.ok @@ -1,8 +1,8 @@ -pass in on lo0 route-to { (lo0 127.0.0.1), (lo0 127.0.0.2) } round-robin inet all -pass out on lo0 route-to { (lo0 127.0.0.1), (lo0 127.0.0.2) } round-robin inet all -pass in on lo0 route-to (lo0 127.0.0.0/24) bitmask inet all -pass out on lo0 dup-to (lo0 127.0.0.0/24) random inet all -pass in on lo0 reply-to { lo0, lo0 } round-robin inet6 all -pass in on lo0 reply-to (lo0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all -pass out on lo0 route-to (lo0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all -pass in on lo0 dup-to (lo0 127.0.0.0/24) round-robin inet all +pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all +pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all +pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all +pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all +pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all +pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all +pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all +pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all diff --git a/regress/sbin/pfctl/pfail16.in b/regress/sbin/pfctl/pfail16.in new file mode 100644 index 00000000000..3dc660c7ac4 --- /dev/null +++ b/regress/sbin/pfctl/pfail16.in @@ -0,0 +1,3 @@ +# route/reply/dup-to can't have a loopback interface as argument + +pass in on lo0 route-to lo0 inet all |