From bbe6ac11b13217876746615b3fc538e1f5063ff4 Mon Sep 17 00:00:00 2001
From: Henning Brauer
Date: Mon, 7 Oct 2002 13:18:41 +0000
Subject: support a generic return block return in|out ... acts like return-rst on tcp, like return-icmp on udp and like an ordinary block on anything else ok dhartmei@
---
 sys/net/pf.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'sys/net/pf.c')
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 045eb6fd83f..84d40676e40 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.250 2002/10/07 13:15:02 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.251 2002/10/07 13:18:40 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1737,7 +1737,8 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
 if (((*rm)->action == PF_DROP) &&
 (((*rm)->rule_flag & PFRULE_RETURNRST) ||
- ((*rm)->rule_flag & PFRULE_RETURNICMP))) {
+ ((*rm)->rule_flag & PFRULE_RETURNICMP) ||
+ ((*rm)->rule_flag & PFRULE_RETURN))) {
 /* undo NAT/RST changes, if they have taken place */
 if (nat != NULL || (binat != NULL && direction == PF_OUT)) {
@@ -1750,7 +1751,8 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
 &th->th_sum, &baddr, bport, 0, af);
 rewrite++;
 }
- if ((*rm)->rule_flag & PFRULE_RETURNRST)
+ if (((*rm)->rule_flag & PFRULE_RETURNRST) ||
+ ((*rm)->rule_flag & PFRULE_RETURN))
 pf_send_reset(off, th, pd, af, (*rm)->return_ttl);
 else if ((af == AF_INET) && (*rm)->return_icmp)
@@ -2001,7 +2003,8 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
 }
 if (((*rm)->action == PF_DROP) &&
- ((*rm)->rule_flag & PFRULE_RETURNICMP)) {
+ (((*rm)->rule_flag & PFRULE_RETURNICMP) ||
+ ((*rm)->rule_flag & PFRULE_RETURN))) {
 /* undo NAT/RST changes, if they have taken place */
 if (nat != NULL || (binat != NULL && direction == PF_OUT)) {
-- 
cgit v1.2.3
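Review bot: The outer condition in pf_test_tcp (hunk at -1737) now ORs three separate tests of the same `rule_flag` word, and the same pattern is repeated with two tests in the following pf_test_tcp hunk and in the pf_test_udp hunk. A single mask test is easier to audit and keeps the call sites from drifting apart when another return variant is added: `((*rm)->rule_flag & (PFRULE_RETURNRST | PFRULE_RETURNICMP | PFRULE_RETURN))`. This assumes the three PFRULE_* values are distinct bits, which has to be confirmed against the header that defines them, since it is not part of this patch. The body of the `if` continues outside the hunk.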
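Review bot: With `PFRULE_RETURN` added to the first branch (hunk at -1750), a TCP packet matching a generic return rule always takes the pf_send_reset path, and the `else if` ICMP branch is never reached for it even when `return_icmp` is set on the rule. That precedence is worth stating in a comment above the test, for example `/* generic return answers TCP with a reset; return_icmp is not consulted */`. The reset is sent with `(*rm)->return_ttl`, and nothing in this patch shows what value a generic return rule carries in that field. Presumably pf_send_reset falls back to a default TTL when it is 0, but that should be confirmed against pf_send_reset and the rule loader, neither of which is visible here.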
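Review bot: In pf_test_udp (hunk at -2001) the widened condition only decides whether the block is entered; the code that builds the reply lies beyond the end of the hunk. If that code keys on `(*rm)->return_icmp` in the way the TCP path's `else if ((af == AF_INET) && (*rm)->return_icmp)` does, a generic return rule whose `return_icmp` is zero would undo the NAT rewrite and then send nothing, silently behaving like a plain block. The patch is limited to sys/net/pf.c, so it should be confirmed that whatever loads the rule fills in a default ICMP type and code for `PFRULE_RETURN`, or a fallback should be added in this block. Since every blocked UDP packet matching such a rule now triggers an outbound reply, it is also worth checking that the reply path is rate-limited.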