diff options
| author | Alexander V. Chernikov <melifaro@FreeBSD.org> | 2014-10-06 11:29:50 +0000 |
|---|---|---|
| committer | Alexander V. Chernikov <melifaro@FreeBSD.org> | 2014-10-06 11:29:50 +0000 |
| commit | a5fedf11fcb6b8b2ca11762e9db101952864ce65 (patch) | |
| tree | 854ad5abba35f75bf0897714c147006029a7ec67 /sbin/ipfw | |
| parent | 4deb9c92873c91bdd9782bde111c78679c71b9c4 (diff) | |
| parent | 3615981425e3694ec50e7978d34e0eb21c156432 (diff) | |
| download | src-a5fedf11fcb6b8b2ca11762e9db101952864ce65.tar.gz src-a5fedf11fcb6b8b2ca11762e9db101952864ce65.zip | |
Sync to HEAD@r272609.
Notes
Notes:
svn path=/projects/ipfw/; revision=272610
Diffstat (limited to 'sbin/ipfw')
| -rw-r--r-- | sbin/ipfw/ipfw2.c | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index a3645dbdcd12..19c1d40949b2 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -3341,13 +3341,34 @@ add_dstip(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate) return cmd; } +static struct _s_x f_reserved_keywords[] = { + { "altq", TOK_OR }, + { "//", TOK_OR }, + { "diverted", TOK_OR }, + { "dst-port", TOK_OR }, + { "src-port", TOK_OR }, + { "established", TOK_OR }, + { "keep-state", TOK_OR }, + { "frag", TOK_OR }, + { "icmptypes", TOK_OR }, + { "in", TOK_OR }, + { "out", TOK_OR }, + { "ip6", TOK_OR }, + { "any", TOK_OR }, + { "to", TOK_OR }, + { "via", TOK_OR }, + { "{", TOK_OR }, + { NULL, 0 } /* terminator */ +}; + static ipfw_insn * add_ports(ipfw_insn *cmd, char *av, u_char proto, int opcode, int cblen) { - /* XXX "any" is trapped before. Perhaps "to" */ - if (_substrcmp(av, "any") == 0) { - return NULL; - } else if (fill_newports((ipfw_insn_u16 *)cmd, av, proto, cblen)) { + + if (match_token(f_reserved_keywords, av) != -1) + return (NULL); + + if (fill_newports((ipfw_insn_u16 *)cmd, av, proto, cblen)) { /* XXX todo: check that we have a protocol with ports */ cmd->opcode = opcode; return cmd; |