diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2022-11-22 13:43:59 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2022-11-28 19:19:12 +0000 |
| commit | 88e858e57c499f996963bd92e5aac4bace3c4fd3 (patch) | |
| tree | e22f0516506de53cbc2ff2ac721d1c1336548593 /sbin/pfctl | |
| parent | 57e047e51c6daf72912332bc95263084f4f0430c (diff) | |
| download | src-88e858e57c499f996963bd92e5aac4bace3c4fd3.tar.gz src-88e858e57c499f996963bd92e5aac4bace3c4fd3.zip | |
pf: drop support for fragment crop|drop-ovl
We removed the code for these modes back in 2015, but converted such
configurations to 'scrub fragment reassemble'. It's been long enough,
drop the backwards compatibility glue too.
Reviewed by: mjg
MFC after: never
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D37460
Diffstat (limited to 'sbin/pfctl')
| -rw-r--r-- | sbin/pfctl/parse.y | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 166cbae79087..6f9494828d53 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -492,7 +492,7 @@ int parseport(char *, struct range *r, int); %token ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF %token MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL %token NOROUTE URPFFAILED FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DROP TABLE -%token REASSEMBLE FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR +%token REASSEMBLE ANCHOR NATANCHOR RDRANCHOR BINATANCHOR %token SET OPTIMIZATION TIMEOUT LIMIT LOGINTERFACE BLOCKPOLICY FAILPOLICY %token RANDOMID REQUIREORDER SYNPROXY FINGERPRINTS NOSYNC DEBUG SKIP HOSTID %token ANTISPOOF FOR INCLUDE KEEPCOUNTERS SYNCOOKIES L3 @@ -1530,8 +1530,6 @@ scrub_opt : NODF { fragcache : FRAGMENT REASSEMBLE { $$ = 0; /* default */ } | FRAGMENT NO REASSEMBLE { $$ = PFRULE_FRAGMENT_NOREASS; } - | FRAGMENT FRAGCROP { $$ = 0; } - | FRAGMENT FRAGDROP { $$ = 0; } ; antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts { @@ -6131,14 +6129,12 @@ lookup(char *s) { "cbq", CBQ}, { "code", CODE}, { "codelq", CODEL}, - { "crop", FRAGCROP}, { "debug", DEBUG}, { "divert-reply", DIVERTREPLY}, { "divert-to", DIVERTTO}, { "dnpipe", DNPIPE}, { "dnqueue", DNQUEUE}, { "drop", DROP}, - { "drop-ovl", FRAGDROP}, { "dup-to", DUPTO}, { "ether", ETHER}, { "fail-policy", FAILPOLICY}, |