diff options
author | Henning Brauer <henning@cvs.openbsd.org> | 2002-07-15 18:13:54 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2002-07-15 18:13:54 +0000 |
commit | 7f9d5eb17013eeb0bfd243318968e1013671d406 (patch) | |
tree | 714f12d3d83b9406925613a7b9f954393c62a92d /sbin/pfctl | |
parent | e44f0c6d8183c1c1905f32452429309fc9008f40 (diff) |
add support for
pass|block on ! $interface ...
ok dhartmei@
will be documented in pf.conf(5) by "I'm not slacking!" pb@ who's currently
reworking this manpage
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/parse.y | 10 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 10 |
2 files changed, 9 insertions, 11 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 335812592ef..18d7168c1e2 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.119 2002/07/15 15:44:15 pb Exp $ */ +/* $OpenBSD: parse.y,v 1.120 2002/07/15 18:13:53 henning Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -351,13 +351,6 @@ pfrule : action dir log quick interface route af proto fromto r.log = $3; r.quick = $4; - if ($5 != NULL) - if ($5->not) { - yyerror("'pass/block on ! $interface' " - "isn't supported."); - YYERROR; - } - r.af = $7; r.flags = $12.b1; r.flagset = $12.b2; @@ -1862,6 +1855,7 @@ expand_rule(struct pf_rule *r, strlcpy(r->label, label, PF_RULE_LABEL_SIZE); expand_label(r->label, r->af, src_host, src_port, dst_host, dst_port, proto->proto); + r->ifnot = interface->not; r->proto = proto->proto; r->src.addr = src_host->addr; r->src.mask = src_host->mask; diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 3021c814448..d6c552a2eca 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.92 2002/07/01 05:28:22 deraadt Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.93 2002/07/15 18:13:53 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -670,8 +670,12 @@ print_rule(struct pf_rule *r) printf("log-all "); if (r->quick) printf("quick "); - if (r->ifname[0]) - printf("on %s ", r->ifname); + if (r->ifname[0]) { + if (r->ifnot) + printf("on ! %s ", r->ifname); + else + printf("on %s ", r->ifname); + } if (r->rt) { if (r->rt == PF_ROUTETO) printf("route-to "); |