From d27c9f5bc38eda519145092c13bca2823a9998d8 Mon Sep 17 00:00:00 2001
From: Kristof Provost
Date: Tue, 29 Mar 2022 14:28:37 +0200
Subject: [PATCH] pf: fixup match rules

Ensure that we can set and print match rules in ethernet rules.

Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl_parser.c | 3 ++-
 sys/netpfil/pf/pf_nv.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index b6d1ebc127e1..1bd95b076ce6 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -744,7 +744,8 @@ void
 print_eth_rule(struct pfctl_eth_rule *r, const char *anchor_call, int rule_numbers)
 {
- static const char *actiontypes[] = { "pass", "block" };
+ static const char *actiontypes[] = { "pass", "block", "", "", "", "",
+ "", "", "", "", "", "", "match" };
 if (rule_numbers)
 printf("@%u ", r->nr);
diff --git a/sys/netpfil/pf/pf_nv.c b/sys/netpfil/pf/pf_nv.c
index 0a79dfb0de7a..85666a5ee111 100644
--- a/sys/netpfil/pf/pf_nv.c
+++ b/sys/netpfil/pf/pf_nv.c
@@ -1170,7 +1170,8 @@ pf_nveth_rule_to_keth_rule(const nvlist_t *nvl,
 PFNV_CHK(pf_nvuint8(nvl, "action", &krule->action));
- if (krule->action != PF_PASS && krule->action != PF_DROP)
+ if (krule->action != PF_PASS && krule->action != PF_DROP &&
+ krule->action != PF_MATCH)
 return (EBADMSG);
 errout:
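Review bot: In the sbin/pfctl/pfctl_parser.c hunk, the `actiontypes` table reaches "match" only by positional padding with ten empty strings, which silently ties the array layout to the numeric value of PF_MATCH and breaks if another action is ever needed in between. Designated initializers state the mapping directly: `static const char *actiontypes[] = { [PF_PASS] = "pass", [PF_DROP] = "block", [PF_MATCH] = "match" };`. The lookup itself is outside the hunk; if it indexes the table with `r->action` unchecked, a value beyond the last entry reads past the array, and with designated initializers the gaps become NULL rather than "", so a range and NULL check before printing belongs at that use. print_eth_rule's body continues past the end of the hunk.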
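Review bot: In the sys/netpfil/pf/pf_nv.c hunk, this condition is the gate on the `action` byte read from the userland-supplied nvlist, and widening it to PF_MATCH means the ethernet rule evaluator must already treat PF_MATCH as a distinct, non-terminating action. The diffstat lists only these two files, so that handling is not visible in this commit and is worth confirming before the value is accepted. A short comment above the check would document the allow-list, for example `/* Ethernet rules accept only pass, block and match. */`. The check also returns directly just above the `errout:` label while the preceding read goes through PFNV_CHK; if that label ever gains cleanup, setting the error and falling through would keep a single exit path. The function starts and ends outside the hunk.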