summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
authorSebastian Benoit <benno@cvs.openbsd.org>2012-03-09 13:50:08 +0000
committerSebastian Benoit <benno@cvs.openbsd.org>2012-03-09 13:50:08 +0000
commit0afcfe82839e17adc0960f4aaf722cbf785542d3 (patch)
tree4b606a79efc1351c6d784c7044c1fd7c7255ff95 /usr.sbin
parent975afb3296ca54bb21b2bbc5af90ee6a261c4636 (diff)
set onrdomain and prio when creating pf rules, found by Gabriel Linder.
ok henning@ phessler@ camield@ "looks good to me" mkb@
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/relayd/pfe_filter.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index 02a528999b5..7e8ee350845 100644
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_filter.c,v 1.47 2011/05/19 08:56:49 reyk Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.48 2012/03/09 13:50:07 benno Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -439,6 +439,8 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
rio.rule.dst.port[0] = address->port.val[0];
rio.rule.dst.port[1] = address->port.val[1];
rio.rule.rtableid = -1; /* stay in the main routing table */
+ rio.rule.onrdomain = getrtable();
+ rio.rule.prio[0] = rio.rule.prio[1] = PF_PRIO_NOTSET;
if (rio.rule.proto == IPPROTO_TCP)
rio.rule.timeout[PFTM_TCP_ESTABLISHED] =