Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c11
-rw-r--r--sys/net/pfvar.h3
2 files changed, 9 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 045eb6fd83f..84d40676e40 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.250 2002/10/07 13:15:02 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.251 2002/10/07 13:18:40 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1737,7 +1737,8 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
if (((*rm)->action == PF_DROP) &&
(((*rm)->rule_flag & PFRULE_RETURNRST) ||
- ((*rm)->rule_flag & PFRULE_RETURNICMP))) {
+ ((*rm)->rule_flag & PFRULE_RETURNICMP) ||
+ ((*rm)->rule_flag & PFRULE_RETURN))) {
/* undo NAT/RST changes, if they have taken place */
if (nat != NULL ||
(binat != NULL && direction == PF_OUT)) {
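Review bot: The condition in pf_test_tcp now tests `rule_flag` three separate times for what is one question, and the same pattern recurs in the hunk at -1750 and in pf_test_udp. A single mask test is easier to read and harder to leave out of sync when another return flag is added: `((*rm)->rule_flag & (PFRULE_RETURNRST | PFRULE_RETURNICMP | PFRULE_RETURN))`. The send branch further down would become `if ((*rm)->rule_flag & (PFRULE_RETURNRST | PFRULE_RETURN))`. pf_test_tcp starts and ends outside this hunk.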
@@ -1750,7 +1751,8 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
&th->th_sum, &baddr, bport, 0, af);
rewrite++;
}
- if ((*rm)->rule_flag & PFRULE_RETURNRST)
+ if (((*rm)->rule_flag & PFRULE_RETURNRST) ||
+ ((*rm)->rule_flag & PFRULE_RETURN))
pf_send_reset(off, th, pd, af,
(*rm)->return_ttl);
else if ((af == AF_INET) && (*rm)->return_icmp)
@@ -2001,7 +2003,8 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
}
if (((*rm)->action == PF_DROP) &&
- ((*rm)->rule_flag & PFRULE_RETURNICMP)) {
+ (((*rm)->rule_flag & PFRULE_RETURNICMP) ||
+ ((*rm)->rule_flag & PFRULE_RETURN))) {
/* undo NAT/RST changes, if they have taken place */
if (nat != NULL ||
(binat != NULL && direction == PF_OUT)) {
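Review bot: A rule carrying only PFRULE_RETURN now enters the return block in pf_test_udp, but the code that actually sends the reply is outside this hunk, so whether anything is sent cannot be confirmed from here. If that code mirrors the TCP path and sends only when `(*rm)->return_icmp` is non-zero, a PFRULE_RETURN rule whose `return_icmp` was left at 0 would undo the NAT rewrite and then drop silently, which is not what a "return" rule promises. Either confirm that the rule loader always fills `return_icmp` (and the IPv6 counterpart, if one exists) for PFRULE_RETURN rules, or add a comment here stating that dependency, e.g. `/* PFRULE_RETURN relies on return_icmp being set by the rule loader */`.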
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 31bb6cd2cbc..d165163d983 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.93 2002/10/07 13:15:02 henning Exp $ */
+/* $OpenBSD: pfvar.h,v 1.94 2002/10/07 13:18:40 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -286,6 +286,7 @@ struct pf_rule {
#define PFRULE_RETURNICMP 0x08
#define PFRULE_FRAGCROP 0x10 /* non-buffering frag cache */
#define PFRULE_FRAGDROP 0x20 /* drop funny fragments */
+#define PFRULE_RETURN 0x40
struct pf_state_host {
struct pf_addr addr;
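Review bot: The new `PFRULE_RETURN` define has no comment, and unlike its neighbours its name does not say what is returned. Judging from the pf.c hunks in this commit it means "reset for TCP, ICMP reply for UDP", so a trailing comment would save the next reader the lookup: `#define PFRULE_RETURN 0x40 /* RST for TCP, ICMP for UDP */`. Adjust the wording if other protocols are also meant to be covered; only the TCP and UDP paths are visible here.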