diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2003-05-13 23:02:16 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2003-05-13 23:02:16 +0000 |
| commit | 9f1874ae0ed270cc09f53906922475ab9322ce8f (patch) | |
| tree | cde5da45c3767054ab13341806f8bf5b70dfdd69 /sbin | |
| parent | f4472ee177825a5e03f08200a5fc363dd83be032 (diff) | |
make sure tagging is only ever used with stateful filter rules
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/pfctl/parse.y | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index f087cbbccf9..221a669a556 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.375 2003/05/13 21:15:07 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.376 2003/05/13 23:02:15 henning Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -2954,6 +2954,10 @@ filter_consistent(struct pf_rule *r) yyerror("keep state on block rules doesn't make sense"); problems++; } + if ((r->tagname[0] || r->match_tagname[0]) && !r->keep_state) { + yyerror("tags cannot be used without keep state"); + problems++; + } return (-problems); } |