Prevent adding a rule with a nat action in case IPFIREWALL_NAT was not defined.

Reviewed: luigi
2007-01-05 12:15:31 +00:00 · 2007-01-05 12:15:31 +00:00 · 3d2fff0d3d
commit 3d2fff0d3d
parent a0b84e7498
1 changed files with 4 additions and 0 deletions
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@ -4222,9 +4222,13 @@ check_ipfw_struct(struct ip_fw *rule, int size)
 			else
 				goto check_size;
 		case O_NAT:
+#ifdef IPFIREWALL_NAT
 			if (cmdlen != F_INSN_SIZE(ipfw_insn_nat))
 				goto bad_size;		
 			goto check_action;
+#else
+			return EINVAL;
+#endif
 		case O_FORWARD_MAC: /* XXX not implemented yet */
 		case O_CHECK_STATE:
 		case O_COUNT: