diff options
| author | Reyk Floeter <reyk@cvs.openbsd.org> | 2009-09-03 12:12:38 +0000 |
|---|---|---|
| committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2009-09-03 12:12:38 +0000 |
| commit | 7d3d7a403c8976696212a916f44b7e671b684f5a (patch) | |
| tree | 9598b76d50884e60b7826e794cb6bb979916fc2b /sbin/pfctl | |
| parent | 80099201416fa014ed0b1f7d111097630a299966 (diff) | |
fix two route-to vs. rdr-to conflicts.
found by sthen@
ok henning@
Diffstat (limited to 'sbin/pfctl')
| -rw-r--r-- | sbin/pfctl/parse.y | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index eba164a89ac..c853ab49920 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.564 2009/09/02 13:28:03 reyk Exp $ */ +/* $OpenBSD: parse.y,v 1.565 2009/09/03 12:12:37 reyk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -3881,7 +3881,8 @@ rule_consistent(struct pf_rule *r, int anchor_call) "synproxy state or modulate state"); problems++; } - if ((!TAILQ_EMPTY(&r->nat.list) || !TAILQ_EMPTY(&r->rdr.list)) && + if ((!TAILQ_EMPTY(&r->nat.list) || + !(r->rt || TAILQ_EMPTY(&r->rdr.list))) && r->action != PF_MATCH && !r->keep_state) { yyerror("nat-to and rdr-to require keep state"); problems++; @@ -3890,7 +3891,7 @@ rule_consistent(struct pf_rule *r, int anchor_call) yyerror("nat-to can only be used outbound"); problems++; } - if (!TAILQ_EMPTY(&r->rdr.list) && r->direction != PF_IN) { + if (!r->rt && !TAILQ_EMPTY(&r->rdr.list) && r->direction != PF_IN) { yyerror("rdr-to can only be used inbound"); problems++; } |