authorHenning Brauer <henning@cvs.openbsd.org>2002-10-07 13:18:41 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2002-10-07 13:18:41 +0000
commitbbe6ac11b13217876746615b3fc538e1f5063ff4 (patch)
tree8dfab50d4238d2abe4035efa922f1bd9da8ed603 /sys/net/pf.c
parente0065b2ad661965723cdcd0635446e0cc33b3bf6 (diff)
support a generic return
block return in|out ... acts like return-rst on tcp, like return-icmp on udp and like an ordinary block on anything else ok dhartmei@
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 045eb6fd83f..84d40676e40 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.250 2002/10/07 13:15:02 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.251 2002/10/07 13:18:40 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1737,7 +1737,8 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
if (((*rm)->action == PF_DROP) &&
(((*rm)->rule_flag & PFRULE_RETURNRST) ||
- ((*rm)->rule_flag & PFRULE_RETURNICMP))) {
+ ((*rm)->rule_flag & PFRULE_RETURNICMP) ||
+ ((*rm)->rule_flag & PFRULE_RETURN))) {
/* undo NAT/RST changes, if they have taken place */
if (nat != NULL ||
(binat != NULL && direction == PF_OUT)) {
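Review bot: The condition in pf_test_tcp now tests three bits of the same `rule_flag` word in three separate sub-expressions, and the same pattern is repeated in the added lines of the second pf_test_tcp hunk and in the pf_test_udp hunk. A single mask test reads more directly and makes it harder to leave one site behind when another return variant is added: `((*rm)->rule_flag & (PFRULE_RETURNRST | PFRULE_RETURNICMP | PFRULE_RETURN))`. The body of this `if` continues outside the hunk.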
@@ -1750,7 +1751,8 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
&th->th_sum, &baddr, bport, 0, af);
rewrite++;
}
- if ((*rm)->rule_flag & PFRULE_RETURNRST)
+ if (((*rm)->rule_flag & PFRULE_RETURNRST) ||
+ ((*rm)->rule_flag & PFRULE_RETURN))
pf_send_reset(off, th, pd, af,
(*rm)->return_ttl);
else if ((af == AF_INET) && (*rm)->return_icmp)
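Review bot: The reply-selection chain gives PFRULE_RETURN the RST branch before `return_icmp` is consulted, so on TCP a generic return rule never reaches the ICMP branch whatever `return_icmp` holds, and nothing in the visible code states that precedence. A short comment above the `if` would record it, for example `/* generic return: TCP always answers with RST, return_icmp is not consulted */`. The RST is sent with `(*rm)->return_ttl`; whether a generic return rule carries a meaningful value in that field is decided outside this hunk and is worth confirming. The chain continues past the last visible line.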
@@ -2001,7 +2003,8 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
}
if (((*rm)->action == PF_DROP) &&
- ((*rm)->rule_flag & PFRULE_RETURNICMP)) {
+ (((*rm)->rule_flag & PFRULE_RETURNICMP) ||
+ ((*rm)->rule_flag & PFRULE_RETURN))) {
/* undo NAT/RST changes, if they have taken place */
if (nat != NULL ||
(binat != NULL && direction == PF_OUT)) {
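Review bot: pf_test_udp now enters the return path for PFRULE_RETURN, but the code that emits the ICMP error lies below this hunk and, going by the diffstat, is not touched in this file. If that code is guarded on `(*rm)->return_icmp` being non-zero, as the matching branch in pf_test_tcp is (`else if ((af == AF_INET) && (*rm)->return_icmp)`), a generic return rule loaded without that field populated would undo NAT and then drop silently, which is not what the commit message describes for UDP. Either confirm that the rule loader always fills in a default type and code for PFRULE_RETURN, or record the dependency next to the condition with a comment such as `/* PFRULE_RETURN relies on return_icmp being set by the rule loader */`.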