diff options
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-12-19 11:05:12 +0000 |
|---|---|---|
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-12-19 11:05:12 +0000 |
| commit | dd3836c9d3ed853d174d02cfa3cea11d6b99bfec (patch) | |
| tree | 733f11e26153610ed5d610778fc83f7132d74f80 /sys/net | |
| parent | 4164e1e8801072dd39a213be809c8ef244ad2e22 (diff) | |
fix 'no nat/rdr/binat' evaluation. from mcbride@, slightly modified :)
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index f95c24e2493..8c8801dd878 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.278 2002/12/19 10:49:54 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.279 2002/12/19 11:05:11 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1578,9 +1578,7 @@ pf_match_translation(int direction, struct ifnet *ifp, u_int8_t proto, src = &r->src; r->evaluations++; - if (r->action == PF_SCRUB) - r = r->skip[PF_SKIP_ACTION].ptr; - else if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || + if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || (r->ifp == ifp && r->ifnot))) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != direction) @@ -1613,6 +1611,9 @@ pf_match_translation(int direction, struct ifnet *ifp, u_int8_t proto, PF_STEP_OUT_OF_ANCHOR(r, anchorrule, ruleset, rs_num); } + if (rm != NULL && (rm->action == PF_NONAT || + rm->action == PF_NORDR || rm->action == PF_NOBINAT)) + return (NULL); return (rm); } |