diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2023-12-13 15:55:28 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2024-01-16 08:45:55 +0000 |
| commit | fc6e50699615c93f39d008709f87c754d9b6c7d3 (patch) | |
| tree | 207e33cbe559ac5dea320dab27ca58586ef79339 /sbin/pfctl | |
| parent | 85b71dcfc99952c0b8d78be93a0104873e8f81f7 (diff) | |
| download | src-fc6e50699615c93f39d008709f87c754d9b6c7d3.tar.gz src-fc6e50699615c93f39d008709f87c754d9b6c7d3.zip | |
Diffstat (limited to 'sbin/pfctl')
| -rw-r--r-- | sbin/pfctl/parse.y | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 94b7e241cd25..9ec86f898240 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -4680,6 +4680,7 @@ natrule : nataction interface af proto fromto tag tagged rtable redirpool pool_opts { struct pfctl_rule r; + struct node_state_opt *o; if (check_rulestate(PFCTL_STATE_NAT)) YYERROR; @@ -4855,6 +4856,21 @@ natrule : nataction interface af proto fromto tag tagged rtable r.rpool.mape = $10.mape; } + o = keep_state_defaults; + while (o) { + switch (o->type) { + case PF_STATE_OPT_PFLOW: + if (r.rule_flag & PFRULE_PFLOW) { + yyerror("state pflow option: " + "multiple definitions"); + YYERROR; + } + r.rule_flag |= PFRULE_PFLOW; + break; + } + o = o->next; + } + expand_rule(&r, $2, $9 == NULL ? NULL : $9->host, $4, $5.src_os, $5.src.host, $5.src.port, $5.dst.host, $5.dst.port, 0, 0, 0, ""); |