authorKjell Wooding <kjell@cvs.openbsd.org>2001-07-01 17:16:04 +0000
committerKjell Wooding <kjell@cvs.openbsd.org>2001-07-01 17:16:04 +0000
commit0834bde8262d89fe0a1b8f247c760c2ef2ee40fe (patch)
treec71dcaa9b2c24e868ed133b741278e6837283cd9 /sbin/pfctl
parent88de2e0615dc2d5e815c81c7c23d6dd7066bd40d (diff)
Add port ranges to the rdr directive. Connections can be redirected
to either a range of the same size, or a single port. Redirects between ranges of different sizes are not supported. E.g.:

rdr dc0 10.0.0.0/24 port 60000:61000 -> 127.0.0.1 port 65530:* proto udp
rdr xl0 0.0.0.0/0 port 6660:6669 -> 127.0.0.1 port 6667 proto tcp

This replaces the wildcard port patch (when port = 0), as it should no longer be necessary.

ok dhartmei@
Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/pfctl_parser.c28
1 files changed, 24 insertions, 4 deletions
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 74d9418ba6b..074407a5640 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.23 2001/07/01 17:04:13 kjell Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.24 2001/07/01 17:16:02 kjell Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -282,9 +282,14 @@ print_rdr(struct pf_rdr *r)
printf("/");
print_addr(r->dmask);
}
- printf(" port %u -> ", ntohs(r->dport));
+ printf(" port %u", ntohs(r->dport));
+ if (r->opts & PF_DPORT_RANGE)
+ printf(":%u", ntohs(r->dport2));
+ printf(" -> ");
print_addr(r->raddr);
printf(" port %u", ntohs(r->rport));
+ if (r->opts & PF_RPORT_RANGE)
+ printf(":*");
switch (r->proto) {
case IPPROTO_TCP:
printf(" proto tcp");
@@ -979,7 +984,7 @@ parse_nat(int n, char *l, struct pf_nat *nat)
int
parse_rdr(int n, char *l, struct pf_rdr *rdr)
{
- char *w;
+ char *w, *s;
memset(rdr, 0, sizeof(struct pf_rdr));
w = next_word(&l);
@@ -1017,7 +1022,17 @@ parse_rdr(int n, char *l, struct pf_rdr *rdr)
return (0);
}
w = next_word(&l);
- rdr->dport = htons(next_number(&w));
+ /* check for port range */
+ if ((s = strchr(w, ':')) == NULL) {
+ rdr->dport = htons(next_number(&w));
+ rdr->dport2 = rdr->dport;
+ } else {
+ *s++ = '\0';
+ rdr->dport = htons(next_number(&w));
+ rdr->dport2 = htons(next_number(&s));
+ rdr->opts |= PF_DPORT_RANGE;
+ }
+
w = next_word(&l);
/* -> */
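Review bot: The range branch stores both bounds without validating them: nothing here rejects a reversed range such as `port 61000:60000`, an empty upper bound such as `port 6660:`, or a value above 65535, which `htons()` will silently truncate. For a packet-filter rule, a malformed range should fail the parse rather than load a redirect covering ports the operator did not intend. After the two `next_number()` calls, compare the host-order values and bail out the way the neighbouring checks do, e.g. `if (ntohs(rdr->dport) > ntohs(rdr->dport2)) return (0);` preceded by a parse error message. How `next_number()` behaves on empty or non-numeric input is not visible in this hunk, so that part needs confirming; parse_rdr's body starts and ends outside the hunk.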
@@ -1037,6 +1052,11 @@ parse_rdr(int n, char *l, struct pf_rdr *rdr)
return (0);
}
w = next_word(&l);
+ /* check if redirected port is a range */
+ if ((s = strchr(w, ':')) != NULL) {
+ rdr->opts |= PF_RPORT_RANGE;
+ }
+
rdr->rport = htons(next_number(&w));
w = next_word(&l);
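Review bot: The redirect-port check only tests for the presence of ':' and never looks at what follows it, so `port 65530:70000` or `port 65530:foo` is accepted and treated exactly like `65530:*`; `s` is assigned but not otherwise used. Since the commit message says ranges of different sizes are unsupported, it would be safer to accept only the documented form, e.g. `if (strcmp(s + 1, "*") != 0) return (0);` with an error message, and to terminate the string at the colon as the destination-port branch does before calling `next_number()`. It is also worth rejecting PF_RPORT_RANGE when PF_DPORT_RANGE was not set, and checking that rport plus the width of the destination range stays within 65535; whether the kernel side guards against that is not visible here. parse_rdr continues outside the hunk.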