Do not allow 'ipfw fwd' command when IPFIREWALL_FORWARD is not compiled into
the kernel. Return EINVAL instead.
This commit is contained in:
parent
f91248c1ad
commit
bda337d05e
@ -2955,9 +2955,13 @@ check_ipfw_struct(struct ip_fw *rule, int size)
|
||||
goto check_action;
|
||||
|
||||
case O_FORWARD_IP:
|
||||
#ifdef IPFIREWALL_FORWARD
|
||||
if (cmdlen != F_INSN_SIZE(ipfw_insn_sa))
|
||||
goto bad_size;
|
||||
goto check_action;
|
||||
#else
|
||||
return EINVAL;
|
||||
#endif
|
||||
|
||||
case O_DIVERT:
|
||||
case O_TEE:
|
||||
|
Loading…
x
Reference in New Issue
Block a user