-rw-r--r-- | sbin/pfctl/parse.y | 7 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 4 |
2 files changed, 6 insertions, 5 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 6d959069014..85b1d199d2b 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.507 2006/10/11 21:04:18 deraadt Exp $ */
+/* $OpenBSD: parse.y,v 1.508 2006/10/17 07:14:28 mcbride Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -1780,9 +1780,10 @@ pfrule : action dir logquick interface route af proto fromto
 free(p);
 }
- /* 'flags S/SA' by default on pass rules. */
+ /* 'flags S/SA' by default on stateful rules */
 if (!r.action && !r.flags && !r.flagset &&
- !$9.fragment && !($9.marker & FOM_FLAGS)) {
+ !$9.fragment && !($9.marker & FOM_FLAGS) &&
+ r.keep_state) {
 r.flags = parse_flags("S");
 r.flagset = parse_flags("SA");
 }
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index a6eb255858c..aaf4b521291 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.230 2006/10/06 17:04:53 mcbride Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.231 2006/10/17 07:14:28 mcbride Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -796,7 +796,7 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
 } else if (r->action == PF_PASS &&
 (!r->proto || r->proto == IPPROTO_TCP) &&
 !(r->rule_flag & PFRULE_FRAGMENT) &&
- !anchor_call[0])
+ !anchor_call[0] && r->keep_state)
 printf(" flags any");
 if (r->type) {
 const struct icmptypeent *it; |
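Review bot: The added `r.keep_state` test in the 'flags S/SA' defaulting condition is only correct if `r.keep_state` already holds its final value here, including any default state keeping applied earlier in the action; that assignment is not visible in this hunk, and the pfrule action starts and ends outside it. A comment recording the ordering and the consequence would protect the default against a later reshuffle, for example `/* needs the final r.keep_state; rules without state get no flags default and match any TCP flags */`. As a point of style, `!r.action` presumably means a pass rule, which print_rule in pfctl_parser.c spells `r->action == PF_PASS`; writing `r.action == PF_PASS` here would make the two conditions easier to compare.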
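Review bot: The `r->keep_state` term added to the `flags any` branch duplicates the defaulting rule in parse.y with nothing in the code tying the two together, so a later change to one side could make a printed ruleset load back with different TCP flag matching. A comment above the branch would document the coupling, for example `/* mirrors the 'flags S/SA' default in parse.y: only stateful pass rules need an explicit 'flags any' */`. The two conditions already differ in shape, since this one also tests `r->proto` and the parser one does not, so the comment should say whether that difference is intended. print_rule starts and ends outside the hunk, so the preceding branch that prints explicit flags is not visible here.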