authorHenning Brauer <henning@cvs.openbsd.org>2003-11-22 13:44:21 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2003-11-22 13:44:21 +0000
commita3deb2493a914dbdfd2811ba76e742fc93d2b742 (patch)
tree80f76eebbc2bdaf803febda08c1bb018ef8ce996 /sbin/pfctl
parent8c803e509bda74af2ccc5e8a1bde09c1279b26b1 (diff)
daniel stumbled over a broken regress test, and it turned out that I forgot
to commit a diff from 11/6... do not insert the "block in on ! interface" rule for antispoof statements when the interface in question does not have any IP address, because that then expands to "block in on ! interface all", which is obviously bad. niklas@ found it, dhartmei@ ok, and I think some more ppl ok, I don't remember
Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/parse.y7
1 files changed, 4 insertions, 3 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index f2a17991b3e..a03875dcad8 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.422 2003/11/14 13:51:09 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.423 2003/11/22 13:44:20 henning Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -817,8 +817,9 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
j->not = 1;
h = ifa_lookup(j->ifname, PFCTL_IFLOOKUP_NET);
- expand_rule(&r, j, NULL, NULL, NULL, h, NULL,
- NULL, NULL, NULL, NULL, NULL);
+ if (h != NULL)
+ expand_rule(&r, j, NULL, NULL, NULL, h,
+ NULL, NULL, NULL, NULL, NULL, NULL);
if ((i->ifa_flags & IFF_LOOPBACK) == 0) {
bzero(&r, sizeof(r));
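Review bot: When `h` is NULL the added guard skips `expand_rule()` silently, so an `antispoof` statement for an interface without an address loads with no `block in on ! <if>` rule and nothing tells the operator. Because `ifa_lookup()` is evaluated while the ruleset is parsed, an interface that gets its address later presumably stays uncovered until the ruleset is reloaded. A comment such as `/* no address: "on ! if" with no source net would match all traffic */` and a warning on the skipped path would make that visible. `j` is set up before this hunk; if it is heap-allocated there and normally released inside `expand_rule()`, the skipped path should free it. The non-loopback branch opened on the last two lines continues outside the hunk and may need the same NULL check if it does a similar lookup before expanding.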