-rw-r--r-- | sbin/pfctl/parse.y | 5 | ||||
-rw-r--r-- | sbin/pfctl/pfctl.c | 8 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.h | 3 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_table.c | 34 |
4 files changed, 23 insertions, 27 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 62b97545ba6..b739cd62e9e 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.303 2003/02/03 13:40:45 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.304 2003/02/03 14:51:36 cedric Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -759,7 +759,8 @@ tabledef : TABLE PORTUNARY STRING PORTUNARY table_opts { YYERROR; } pfctl_define_table($3, $5.flags, $5.init_addr, - pf->opts & PF_OPT_NOACTION); + (pf->opts & PF_OPT_NOACTION) || !(pf->loadopt & + (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL))); } ; diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 6d67afd7998..4eacf683644 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.144 2003/02/03 13:57:47 henning Exp $ */ +/* $OpenBSD: pfctl.c,v 1.145 2003/02/03 14:51:36 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -963,7 +963,8 @@ pfctl_rules(int dev, char *filename, int opts) if (ioctl(dev, DIOCBEGINRULES, &pr[PF_RULESET_FILTER])) err(1, "DIOCBEGINRULES"); } - pfctl_begin_table(); + if (loadopt & (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL)) + pfctl_begin_table(); } /* fill in callback data */ pf.dev = dev; @@ -1003,7 +1004,8 @@ pfctl_rules(int dev, char *filename, int opts) if (ioctl(dev, DIOCCOMMITRULES, &pr[PF_RULESET_FILTER])) err(1, "DIOCCOMMITRULES"); } - pfctl_commit_table(); + if (loadopt & (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL)) + pfctl_commit_table(); } if (fin != stdin) fclose(fin); diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h index dd0a8c1307a..7a5df9feece 100644 --- a/sbin/pfctl/pfctl_parser.h +++ b/sbin/pfctl/pfctl_parser.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.h,v 1.46 2003/02/03 13:40:45 henning Exp $ */ +/* $OpenBSD: pfctl_parser.h,v 1.47 2003/02/03 14:51:36 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier 
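Review bot: The table-load test `(PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL)` is now written out three times: in the `tabledef` action here against `pf->loadopt`, and in both `pfctl_rules` hunks of pfctl.c against the global `loadopt`. Nothing in the visible lines ties the two variables together. The begin/define/commit sequence only holds if all three sites agree; if they diverge, `pfctl_define_table` would presumably reach `pfr_ina_define` with a `ticket` that `pfr_ina_begin` never issued, or a commit would run without a begin. Consider one shared definition in pfctl_parser.h used at all three sites, for example `#define PFCTL_LOAD_TABLES(lo) ((lo) & (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL))` (the name is only a suggestion), plus a comment where `pf.loadopt` is filled in, which is outside these hunks, saying it must mirror `loadopt`. The `tabledef` rule and `pfctl_rules` both start and end outside their hunks.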
@@ -151,7 +151,6 @@ struct pf_timeout { #define PFCTL_FLAG_TABLE 0x20 extern const struct pf_timeout pf_timeouts[]; -extern int loadopt; void set_ipmask(struct node_host *, u_int8_t); void ifa_load(void); diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c index 136006f9401..9daade3e392 100644 --- a/sbin/pfctl/pfctl_table.c +++ b/sbin/pfctl/pfctl_table.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_table.c,v 1.30 2003/02/03 08:42:15 cedric Exp $ */ +/* $OpenBSD: pfctl_table.c,v 1.31 2003/02/03 14:51:36 cedric Exp $ */ /* * Copyright (c) 2002 Cedric Berger @@ -560,8 +560,6 @@ pfctl_begin_table(void) { static int hookreg; - if ((loadopt & (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL)) == 0) - return; if (pfr_ina_begin(&ticket, NULL, 0) != 0) { radix_perror(); exit(1); @@ -606,21 +604,19 @@ pfctl_define_table(char *name, int flags, int addrs, int noaction) { struct pfr_table tbl; - if (noaction || (loadopt & (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL)) == 0) { - size = 0; - return; - } - bzero(&tbl, sizeof(tbl)); - if (strlcpy(tbl.pfrt_name, name, sizeof(tbl.pfrt_name)) >= - sizeof(tbl.pfrt_name)) - errx(1, "pfctl_define_table: strlcpy"); - tbl.pfrt_flags = flags; - - inactive = 1; - if (pfr_ina_define(&tbl, buffer.addrs, size, NULL, NULL, ticket, - addrs ? PFR_FLAG_ADDRSTOO : 0) != 0) { - radix_perror(); - exit(1); + if (!noaction) { + bzero(&tbl, sizeof(tbl)); + if (strlcpy(tbl.pfrt_name, name, sizeof(tbl.pfrt_name)) >= + sizeof(tbl.pfrt_name)) + errx(1, "pfctl_define_table: strlcpy"); + tbl.pfrt_flags = flags; + + inactive = 1; + if (pfr_ina_define(&tbl, buffer.addrs, size, NULL, NULL, + ticket, addrs ? PFR_FLAG_ADDRSTOO : 0) != 0) { + radix_perror(); + exit(1); + } } size = 0; } @@ -628,8 +624,6 @@ pfctl_define_table(char *name, int flags, int addrs, int noaction) void pfctl_commit_table(void) { - if ((loadopt & (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL)) == 0) - return; if (pfr_ina_commit(ticket, NULL, NULL, 0) != 0) { radix_perror(); exit(1); |
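Review bot: `pfctl_define_table` no longer checks the load options itself, so in the `@@ -606` hunk the `noaction` argument is the only guard before `pfr_ina_define(..., ticket, ...)`, and that contract is not written down anywhere in the hunk. A comment above the function would make the precondition explicit: `/* noaction must be non-zero unless pfctl_begin_table() has obtained a ticket; size is reset either way. */`. The signature appears only in the hunk header, outside the changed lines; the body shown looks complete.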