pfctl: deny "once" flags for match rules
ok henning Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, 47068a62ee Sponsored by: Rubicon Communications, LLC ("Netgate")
+7
-1
@@ -2396,8 +2396,14 @@ pfrule : action dir logquick interface route af proto fromto
|
||||
r.quick = $3.quick;
|
||||
r.af = $6;
|
||||
|
||||
if ($9.marker & FOM_ONCE)
|
||||
if ($9.marker & FOM_ONCE) {
|
||||
if (r.action == PF_MATCH) {
|
||||
yyerror("can't specify once for "
|
||||
"match rules");
|
||||
YYERROR;
|
||||
}
|
||||
r.rule_flag |= PFRULE_ONCE;
|
||||
}
|
||||
|
||||
if (filteropts_to_rule(&r, &$9))
|
||||
YYERROR;
|
||||
|
||||
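Review bot: The new `r.action == PF_MATCH` test inside the `FOM_ONCE` branch is enforced only in pfctl's grammar, and nothing on this page shows the kernel refusing `PFRULE_ONCE` on a match rule handed to it by some other ioctl client. If the combination is unsafe in the kernel rather than merely meaningless, the kernel rule-add path should carry the same rejection so the restriction does not depend on which tool loaded the ruleset. The test also relies on `r.action` having been assigned earlier in the `pfrule` action, which begins and ends outside this hunk, so that ordering is worth confirming. A short comment above the inner `if` would record why the pairing is refused, for example `/* once rules are one-shot; not supported for match rules */`, and pf.conf(5) should state the restriction if it does not already.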