-rw-r--r-- | regress/sbin/pfctl/Makefile | 4 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail12.in | 2 | ||||
-rw-r--r-- | sbin/pfctl/parse.y | 6 |
3 files changed, 9 insertions, 3 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile
index c02c43bae61..47de5c3b4ca 100644
--- a/regress/sbin/pfctl/Makefile
+++ b/regress/sbin/pfctl/Makefile
@@ -1,7 +1,7 @@
-# $OpenBSD: Makefile,v 1.22 2002/07/06 18:21:50 henning Exp $
+# $OpenBSD: Makefile,v 1.23 2002/07/08 11:46:32 dhartmei Exp $
 PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
-PFFAIL=1 2 3 4 5 6 7 8 9 10 11
+PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12
 .for n in ${PFFAIL}
 REGRESSTARGETS+=pfail${n}
diff --git a/regress/sbin/pfctl/pfail12.in b/regress/sbin/pfctl/pfail12.in
new file mode 100644
index 00000000000..e08419140b6
--- /dev/null
+++ b/regress/sbin/pfctl/pfail12.in
@@ -0,0 +1,2 @@
+# flags on non-tcp rules are invalid
+pass in all flags S/SA
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index b9cc12b4d9a..d803ea7cfa4 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.112 2002/07/05 18:09:50 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.113 2002/07/08 11:46:32 dhartmei Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -1607,6 +1607,10 @@ rule_consistent(struct pf_rule *r)
 yyerror("port only applies to tcp/udp");
 problems++;
 }
+ if (r->proto != IPPROTO_TCP && (r->flags || r->flagset)) {
+ yyerror("flags only applies to tcp");
+ problems++;
+ }
 if (r->proto != IPPROTO_ICMP && r->proto != IPPROTO_ICMPV6 &&
 (r->type || r->code)) {
 yyerror("icmp-type/code only applies to icmp"); |
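Review bot: The added condition in rule_consistent() also rejects a rule that names no protocol at all, since any `r->proto` other than `IPPROTO_TCP` fails it, and nothing beside the check says this is deliberate. pfail12.in (`pass in all flags S/SA`) shows it is intended, so a comment such as `/* a rule without proto tcp is rejected too: flags are only meaningful for tcp */` would keep a later edit from relaxing the test to `r->proto && r->proto != IPPROTO_TCP`. Rulesets that previously loaded with `flags` but no `proto tcp` will presumably now fail to parse, which is worth stating in the commit message or release notes so operators check their filter rules before upgrading. The regress suite covers only the no-protocol case; a companion failure case with an explicit non-tcp protocol would pin the other branch. The body of rule_consistent() starts and ends outside this hunk.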