ftp-proxy: Revert incorrect migration to libpfctl

libpfctl supports creating rules, but not (yet) adding addresses to a
pool. Adding addresses certainly does not work through adding a rule.

PR:		256917
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Kristof Provost 2021-07-01 17:16:10 +02:00
parent 8f76eebce4
commit 8923ea6c86


@ -103,8 +103,7 @@ add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
&satosin6(nat)->sin6_addr.s6_addr, 16);
memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
}
if (pfctl_add_rule(dev, &pfrule, pfanchor, pfanchor_call,
pfticket, pfpool_ticket))
if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
return (-1);
pfrule.rpool.proxy_port[0] = nat_range_low;
@ -138,8 +137,7 @@ add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
&satosin6(rdr)->sin6_addr.s6_addr, 16);
memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
}
if (pfctl_add_rule(dev, &pfrule, pfanchor, pfanchor_call,
pfticket, pfpool_ticket))
if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
return (-1);
pfrule.rpool.proxy_port[0] = rdr_port;
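Review bot: The restored `ioctl(dev, DIOCADDADDR, &pfp)` calls in add_nat() and add_rdr() carry no comment saying why they bypass libpfctl, so a later cleanup could repeat the migration this commit reverts. A one-line comment above each call would record the constraint from the commit message, for example `/* libpfctl cannot add pool addresses yet; DIOCADDADDR must remain a direct ioctl. */`. These calls appear to fill the translation pool before the rule itself is added, so a wrong call here likely leaves the nat/rdr rule without its intended address; a regression test that inspects the pool of the loaded rule would catch that. This reading is inferred from the visible names only, since both function bodies start and end outside the hunks.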