diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2025-02-10 16:33:57 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2025-02-13 12:38:44 +0000 |
| commit | 71594e3235f21746fbc6c0b12ad70409db18a46b (patch) | |
| tree | db2f8df3d370d7a0c264f17a4008f75a47da1dce /sbin/pfctl | |
| parent | 67c19da08f5788da53cec2764618b9a0dd97460f (diff) | |
pf: support "!received-on <interface>"
ok dlg benno
Obtained from: OpenBSD, henning <henning@openbsd.org>, 7d0482a910
Sponsored by: Rubicon Communications, LLC ("Netgate")
Diffstat (limited to 'sbin/pfctl')
| -rw-r--r-- | sbin/pfctl/parse.y | 6 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl_parser.c | 3 |
2 files changed, 6 insertions, 3 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 40d116fe1a50..981039f4124c 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -2974,12 +2974,13 @@ filter_opt : USER uids { filter_opts.match_tag = $3; filter_opts.match_tag_not = $1; } - | RECEIVEDON if_item { + | not RECEIVEDON if_item { if (filter_opts.rcv) { yyerror("cannot respecify received-on"); YYERROR; } - filter_opts.rcv = $2; + filter_opts.rcv = $3; + filter_opts.rcv->not = $1; } | PROBABILITY probability { double p; @@ -6279,6 +6280,7 @@ expand_rule(struct pfctl_rule *r, if (rcv) { strlcpy(r->rcv_ifname, rcv->ifname, sizeof(r->rcv_ifname)); + r->rcvifnot = rcv->not; } r->type = icmp_type->type; r->code = icmp_type->code; diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index d1e0b4e99940..7a6d2fc8eed5 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -961,7 +961,8 @@ print_rule(struct pfctl_rule *r, const char *anchor_call, int verbose, int numer print_fromto(&r->src, r->os_fingerprint, &r->dst, r->af, r->proto, verbose, numeric); if (r->rcv_ifname[0]) - printf(" received-on %s", r->rcv_ifname); + printf(" %sreceived-on %s", r->rcvifnot ? "!" : "", + r->rcv_ifname); if (r->uid.op) print_ugid(r->uid.op, r->uid.uid[0], r->uid.uid[1], "user", UID_MAX); |