author | Kjell Wooding <kjell@cvs.openbsd.org> | 2001-07-01 17:16:04 +0000 |
---|---|---|
committer | Kjell Wooding <kjell@cvs.openbsd.org> | 2001-07-01 17:16:04 +0000 |
commit | 0834bde8262d89fe0a1b8f247c760c2ef2ee40fe (patch) | |
tree | c71dcaa9b2c24e868ed133b741278e6837283cd9 /sbin/pfctl | |
parent | 88de2e0615dc2d5e815c81c7c23d6dd7066bd40d (diff) |
Add port ranges to the rdr directive. Connections can be redirected
to either a range of the same size, or a single port. Redirects
between ranges of different sizes are not supported. Eg:
rdr dc0 10.0.0.0/24 port 60000:61000 -> 127.0.0.1 port 65530:* proto udp
rdr xl0 0.0.0.0/0 port 6660:6669 -> 127.0.0.1 port 6667 proto tcp
This replaces the wildcard port patch (when port = 0), as it should no
longer be necessary. ok dhartmei@
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 74d9418ba6b..074407a5640 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.23 2001/07/01 17:04:13 kjell Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.24 2001/07/01 17:16:02 kjell Exp $ */
 /*
 * Copyright (c) 2001, Daniel Hartmeier
@@ -282,9 +282,14 @@ print_rdr(struct pf_rdr *r)
 printf("/");
 print_addr(r->dmask);
 }
- printf(" port %u -> ", ntohs(r->dport));
+ printf(" port %u", ntohs(r->dport));
+ if (r->opts & PF_DPORT_RANGE)
+ printf(":%u", ntohs(r->dport2));
+ printf(" -> ");
 print_addr(r->raddr);
 printf(" port %u", ntohs(r->rport));
+ if (r->opts & PF_RPORT_RANGE)
+ printf(":*");
 switch (r->proto) {
 case IPPROTO_TCP:
 printf(" proto tcp");
@@ -979,7 +984,7 @@ parse_nat(int n, char *l, struct pf_nat *nat)
 int
 parse_rdr(int n, char *l, struct pf_rdr *rdr)
 {
- char *w;
+ char *w, *s;
 memset(rdr, 0, sizeof(struct pf_rdr));
 w = next_word(&l);
@@ -1017,7 +1022,17 @@ parse_rdr(int n, char *l, struct pf_rdr *rdr)
 return (0);
 }
 w = next_word(&l);
- rdr->dport = htons(next_number(&w));
+ /* check for port range */
+ if ((s = strchr(w, ':')) == NULL) {
+ rdr->dport = htons(next_number(&w));
+ rdr->dport2 = rdr->dport;
+ } else {
+ *s++ = '\0';
+ rdr->dport = htons(next_number(&w));
+ rdr->dport2 = htons(next_number(&s));
+ rdr->opts |= PF_DPORT_RANGE;
+ }
+
 w = next_word(&l);
 /* -> */
@@ -1037,6 +1052,11 @@ parse_rdr(int n, char *l, struct pf_rdr *rdr)
 return (0);
 }
 w = next_word(&l);
+ /* check if redirected port is a range */
+ if ((s = strchr(w, ':')) != NULL) {
+ rdr->opts |= PF_RPORT_RANGE;
+ }
+
 rdr->rport = htons(next_number(&w));
 w = next_word(&l); |
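Review bot: In the `else` branch of the destination-port parsing, both ends of the range are stored without being compared, so a reversed range such as `port 6669:6660` is accepted and loaded as written. For a packet-filter rule that means a redirect that silently matches something other than what the administrator intended. Keep the two host-order values in locals and reject the rule before the `htons()` calls, for example `if (lo > hi) return (0);` in the style of the surrounding error paths. An empty second half (`port 6660:`) also reaches `next_number(&s)`; what that returns is not visible here, so it is worth confirming it cannot produce a valid-looking port 0. parse_rdr() starts and ends outside this hunk.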
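Review bot: Any `:` in the redirect port word sets `PF_RPORT_RANGE`, but the text after the colon is never examined, so `port 65530:1234` is accepted and treated exactly like `65530:*`. Require the documented form before setting the flag, e.g. `if (strcmp(s + 1, "*") != 0) return (0);`. Nothing visible in the parser checks that `rport` plus the width of the destination range stays within 65535 (the commit message's own example, 60000:61000 -> 65530:*, would run past it), so either add a parse-time check or a comment stating how the kernel side handles that case. The function continues outside this hunk.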