authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2002-12-27 22:13:32 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2002-12-27 22:13:32 +0000
commita77e339c9b89425a583a1bab2a975d50a779df1c (patch)
treebc07ca5337530af96295e549abaea817dbc22189 /sbin
parent0f2aaee3bf5765755204a7204e66a03e67c18f29 (diff)
Since pf_norm.c looks at rule.log to see if it should log packets being
dropped due to scrub violations, this adds the ability to set this in pf.conf. ok henning@
Diffstat (limited to 'sbin')
-rw-r--r--sbin/pfctl/parse.y36
1 files changed, 21 insertions, 15 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index dd3416b31c5..6359012da51 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.269 2002/12/21 18:53:48 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.270 2002/12/27 22:13:31 mcbride Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -617,7 +617,7 @@ anchorrule : ANCHOR string dir interface af proto fromto {
}
;
-scrubrule : SCRUB dir interface af fromto scrub_opts
+scrubrule : SCRUB dir logquick interface af fromto scrub_opts
{
struct pf_rule r;
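Review bot: The new `scrubrule` production takes `logquick` although a scrub rule can only honour its log half, and nothing at the production says so; a reader has to find the rejection of 'quick' further down in the action. A one-line comment above the production, such as `/* logquick is reused for its log field only; 'quick' is rejected in the action */`, would make that explicit. The user-visible syntax also changes, because the log keyword now sits between the direction and the interface, so the pf.conf(5) grammar should be updated to match. The diffstat on this page is limited to sbin, so whether the manual was updated cannot be seen here. The scrubrule action continues outside this hunk.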
@@ -629,25 +629,31 @@ scrubrule : SCRUB dir interface af fromto scrub_opts
r.action = PF_SCRUB;
r.direction = $2;
- if ($3) {
- if ($3->not) {
+ r.log = $3.log;
+ if ($3.quick) {
+ yyerror("scrub rules do not support 'quick'");
+ YYERROR;
+ }
+
+ if ($4) {
+ if ($4->not) {
yyerror("scrub rules do not support "
"'! <if>'");
YYERROR;
}
}
- r.af = $4;
- if ($6.nodf)
+ r.af = $5;
+ if ($7.nodf)
r.rule_flag |= PFRULE_NODF;
- if ($6.minttl)
- r.min_ttl = $6.minttl;
- if ($6.maxmss)
- r.max_mss = $6.maxmss;
- if ($6.fragcache)
- r.rule_flag |= $6.fragcache;
-
- expand_rule(&r, $3, NULL, NULL,
- $5.src.host, $5.src.port, $5.dst.host, $5.dst.port,
+ if ($7.minttl)
+ r.min_ttl = $7.minttl;
+ if ($7.maxmss)
+ r.max_mss = $7.maxmss;
+ if ($7.fragcache)
+ r.rule_flag |= $7.fragcache;
+
+ expand_rule(&r, $4, NULL, NULL,
+ $6.src.host, $6.src.port, $6.dst.host, $6.dst.port,
NULL, NULL, NULL);
}
;
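Review bot: `r.log = $3.log;` copies whatever value `logquick` produced, so every log variant that nonterminal accepts is silently taken for a scrub rule, while only 'quick' is rejected. The definition of `logquick` is outside this page; if it can yield more than one non-zero log value (for example for a log-all form), the scrub path presumably treats them all alike, since the commit message says pf_norm.c only looks at rule.log to decide whether to log. Either reject the extra variant the same way 'quick' is rejected, or state the behaviour next to the assignment, e.g. `/* scrub only tests r.log for non-zero; log variants are not distinguished */`. Operators will rely on these log entries to see packets dropped for scrub violations, so the accepted forms should be unambiguous. The action begins outside this hunk.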