summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sbin/pfctl/parse.y5
-rw-r--r--sbin/pfctl/pfctl.c8
-rw-r--r--sbin/pfctl/pfctl_parser.h3
-rw-r--r--sbin/pfctl/pfctl_table.c34
4 files changed, 23 insertions, 27 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 62b97545ba6..b739cd62e9e 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.303 2003/02/03 13:40:45 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.304 2003/02/03 14:51:36 cedric Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -759,7 +759,8 @@ tabledef : TABLE PORTUNARY STRING PORTUNARY table_opts {
YYERROR;
}
pfctl_define_table($3, $5.flags, $5.init_addr,
- pf->opts & PF_OPT_NOACTION);
+ (pf->opts & PF_OPT_NOACTION) || !(pf->loadopt &
+ (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL)));
}
;
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 6d67afd7998..4eacf683644 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.144 2003/02/03 13:57:47 henning Exp $ */
+/* $OpenBSD: pfctl.c,v 1.145 2003/02/03 14:51:36 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -963,7 +963,8 @@ pfctl_rules(int dev, char *filename, int opts)
if (ioctl(dev, DIOCBEGINRULES, &pr[PF_RULESET_FILTER]))
err(1, "DIOCBEGINRULES");
}
- pfctl_begin_table();
+ if (loadopt & (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL))
+ pfctl_begin_table();
}
/* fill in callback data */
pf.dev = dev;
@@ -1003,7 +1004,8 @@ pfctl_rules(int dev, char *filename, int opts)
if (ioctl(dev, DIOCCOMMITRULES, &pr[PF_RULESET_FILTER]))
err(1, "DIOCCOMMITRULES");
}
- pfctl_commit_table();
+ if (loadopt & (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL))
+ pfctl_commit_table();
}
if (fin != stdin)
fclose(fin);
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index dd0a8c1307a..7a5df9feece 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.h,v 1.46 2003/02/03 13:40:45 henning Exp $ */
+/* $OpenBSD: pfctl_parser.h,v 1.47 2003/02/03 14:51:36 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -151,7 +151,6 @@ struct pf_timeout {
#define PFCTL_FLAG_TABLE 0x20
extern const struct pf_timeout pf_timeouts[];
-extern int loadopt;
void set_ipmask(struct node_host *, u_int8_t);
void ifa_load(void);
diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c
index 136006f9401..9daade3e392 100644
--- a/sbin/pfctl/pfctl_table.c
+++ b/sbin/pfctl/pfctl_table.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_table.c,v 1.30 2003/02/03 08:42:15 cedric Exp $ */
+/* $OpenBSD: pfctl_table.c,v 1.31 2003/02/03 14:51:36 cedric Exp $ */
/*
* Copyright (c) 2002 Cedric Berger
@@ -560,8 +560,6 @@ pfctl_begin_table(void)
{
static int hookreg;
- if ((loadopt & (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL)) == 0)
- return;
if (pfr_ina_begin(&ticket, NULL, 0) != 0) {
radix_perror();
exit(1);
@@ -606,21 +604,19 @@ pfctl_define_table(char *name, int flags, int addrs, int noaction)
{
struct pfr_table tbl;
- if (noaction || (loadopt & (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL)) == 0) {
- size = 0;
- return;
- }
- bzero(&tbl, sizeof(tbl));
- if (strlcpy(tbl.pfrt_name, name, sizeof(tbl.pfrt_name)) >=
- sizeof(tbl.pfrt_name))
- errx(1, "pfctl_define_table: strlcpy");
- tbl.pfrt_flags = flags;
-
- inactive = 1;
- if (pfr_ina_define(&tbl, buffer.addrs, size, NULL, NULL, ticket,
- addrs ? PFR_FLAG_ADDRSTOO : 0) != 0) {
- radix_perror();
- exit(1);
+ if (!noaction) {
+ bzero(&tbl, sizeof(tbl));
+ if (strlcpy(tbl.pfrt_name, name, sizeof(tbl.pfrt_name)) >=
+ sizeof(tbl.pfrt_name))
+ errx(1, "pfctl_define_table: strlcpy");
+ tbl.pfrt_flags = flags;
+
+ inactive = 1;
+ if (pfr_ina_define(&tbl, buffer.addrs, size, NULL, NULL,
+ ticket, addrs ? PFR_FLAG_ADDRSTOO : 0) != 0) {
+ radix_perror();
+ exit(1);
+ }
}
size = 0;
}
@@ -628,8 +624,6 @@ pfctl_define_table(char *name, int flags, int addrs, int noaction)
void
pfctl_commit_table(void)
{
- if ((loadopt & (PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL)) == 0)
- return;
if (pfr_ina_commit(ticket, NULL, NULL, 0) != 0) {
radix_perror();
exit(1);