diff options
| -rw-r--r-- | sbin/pfctl/parse.y | 28 | ||||
| -rw-r--r-- | share/man/man5/pf.conf.5 | 6 |
2 files changed, 12 insertions, 22 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 32ef212819b..bf2e7923f2c 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.619 2012/09/18 10:11:52 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.620 2012/10/18 15:18:57 reyk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -2020,24 +2020,6 @@ pfrule : action dir logquick interface af proto fromto $8.route.host->addr.type == PF_ADDR_TABLE || DYNIF_MULTIADDR($8.route.host->addr))) r.route.opts |= PF_POOL_ROUNDROBIN; - if (((r.route.opts & PF_POOL_TYPEMASK) != - PF_POOL_ROUNDROBIN) && - ((r.route.opts & PF_POOL_TYPEMASK) != - PF_POOL_LEASTSTATES) && - disallow_table($8.route.host, - "tables are only " - "supported in round-robin or " - "least-states routing pools")) - YYERROR; - if (((r.route.opts & PF_POOL_TYPEMASK) != - PF_POOL_ROUNDROBIN) && - ((r.route.opts & PF_POOL_TYPEMASK) != - PF_POOL_LEASTSTATES) && - disallow_alias($8.route.host, - "interface (%s) " - "is only supported in round-robin or " - "least-states routing pools")) - YYERROR; if ($8.route.host->next != NULL) { if (((r.route.opts & PF_POOL_TYPEMASK) != PF_POOL_ROUNDROBIN) && @@ -4829,6 +4811,14 @@ apply_redirspec(struct pf_pool *rpool, struct pf_rule *r, struct redirspec *rs, DYNIF_MULTIADDR(rpool->addr)) rpool->opts |= PF_POOL_ROUNDROBIN; + if (((rpool->opts & PF_POOL_TYPEMASK) != PF_POOL_ROUNDROBIN) && + ((rpool->opts & PF_POOL_TYPEMASK) != PF_POOL_LEASTSTATES) && + (disallow_table(rs->rdr->host, "tables are only supported " + "in round-robin or least-states address pools") || + disallow_alias(rs->rdr->host, "interface (%s) is only supported " + "in round-robin or least-states address pools"))) + return (1); + if (rs->pool_opts.key != NULL) memcpy(&rpool->key, rs->pool_opts.key, sizeof(struct pf_poolhashkey)); diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 804c0b8f9d5..d88dcab1b02 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.522 2012/09/20 11:52:46 jmc Exp $ +.\" $OpenBSD: pf.conf.5,v 1.523 2012/10/18 15:18:56 reyk Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 20 2012 $ +.Dd $Mdocdate: October 18 2012 $ .Dt PF.CONF 5 .Os .Sh NAME @@ -1039,7 +1039,7 @@ option prevents from modifying the source port on TCP and UDP packets. .El .Pp -When more than one redirection address is specified, +When more than one redirection address or a table is specified, .Ar round-robin and .Ar least-states |