pf: fixup match rules

Ensure that we can set and print match rules in ethernet rules. Sponsored by: Rubicon Communications, LLC ("Netgate")
2022-03-29 14:28:37 +02:00 · 2022-03-29 14:28:37 +02:00 · d27c9f5bc3
commit d27c9f5bc3
parent 81cac0d2f6
2 changed files with 4 additions and 2 deletions
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@ -744,7 +744,8 @@ void
 print_eth_rule(struct pfctl_eth_rule *r, const char *anchor_call,
    int rule_numbers)
 {
-	static const char *actiontypes[] = { "pass", "block" };
+	static const char *actiontypes[] = { "pass", "block", "", "", "", "",
+	    "", "", "", "", "", "", "match" };

 	if (rule_numbers)
 		printf("@%u ", r->nr);
--- a/sys/netpfil/pf/pf_nv.c
+++ b/sys/netpfil/pf/pf_nv.c
@ -1170,7 +1170,8 @@ pf_nveth_rule_to_keth_rule(const nvlist_t *nvl,

 	PFNV_CHK(pf_nvuint8(nvl, "action", &krule->action));

-	if (krule->action != PF_PASS && krule->action != PF_DROP)
+	if (krule->action != PF_PASS && krule->action != PF_DROP &&
+	    krule->action != PF_MATCH)
 		return (EBADMSG);

 errout: