d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent adding a rule with a nat action in case IPFIREWALL_NAT was not defined.

Browse Source 
Reviewed: luigi
This commit is contained in:
Paolo Pisati 2007-01-05 12:15:31 +00:00
parent a0b84e7498
commit 3d2fff0d3d
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/netinet/ip_fw2.c
View File

@ -4222,9 +4222,13 @@ check_ipfw_struct(struct ip_fw *rule, int size)
else else
goto check_size; goto check_size;
case O_NAT: case O_NAT:
#ifdef IPFIREWALL_NAT
if (cmdlen != F_INSN_SIZE(ipfw_insn_nat)) if (cmdlen != F_INSN_SIZE(ipfw_insn_nat))
goto bad_size; goto bad_size;
goto check_action; goto check_action;
#else
return EINVAL;
#endif
case O_FORWARD_MAC: /* XXX not implemented yet */ case O_FORWARD_MAC: /* XXX not implemented yet */
case O_CHECK_STATE: case O_CHECK_STATE:
case O_COUNT: case O_COUNT: