diff options
| author | Cedric Berger <cedric@cvs.openbsd.org> | 2003-02-14 13:23:18 +0000 |
|---|---|---|
| committer | Cedric Berger <cedric@cvs.openbsd.org> | 2003-02-14 13:23:18 +0000 |
| commit | 0a3e14798b2df967837346d1c1d91a5f2aa84bd1 (patch) | |
| tree | cca6629768e34dcb48e74c427e6661cbf7aca1a0 /sbin/pfctl | |
| parent | 4844b203355d5b780325507fbf8e31fbcad592d5 (diff) | |
Better and more consistent error message.
Ok dhartmei@
Diffstat (limited to 'sbin/pfctl')
| -rw-r--r-- | sbin/pfctl/parse.y | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 2f924cf5d0e..03c2594ba1f 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.316 2003/02/13 10:26:21 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.317 2003/02/14 13:23:17 cedric Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -2426,9 +2426,15 @@ binatrule : no BINAT interface af proto FROM host TO ipspec redirection binat.proto = $5->proto; free($5); } + if ($7 != NULL && disallow_table($7, "invalid use of " "table <%s> as the source address of a binat rule")) YYERROR; + if ($10 != NULL && $10->host != NULL && disallow_table( + $10->host, "invalid use of table <%s> as the " + "redirect address of a binat rule")) + YYERROR; + if ($7 != NULL && $9 != NULL && $7->af != $9->af) { yyerror("binat ip versions must match"); YYERROR; |