diff options
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/ip_input.c | 2 | ||||
| -rw-r--r-- | sys/netinet/ip_output.c | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index df9176fc13aa..2450a1d04c3e 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -390,7 +390,7 @@ iphack: ip = mtod(m = m1, struct ip *); } #endif - if (ip_fw_chk_ptr) { + if (fw_enable && ip_fw_chk_ptr) { #ifdef IPFIREWALL_FORWARD /* * If we've been forwarded from the output side, then diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 61c8432a0ed3..52350e3315b6 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -176,7 +176,7 @@ ip_output(m0, opt, ro, flags, imo) /* * the packet was already tagged, so part of the * processing was already done, and we need to go down. - * * Get parameters from the header. + * Get parameters from the header. */ rule = (struct ip_fw_chain *)(m->m_data) ; opt = NULL ; @@ -462,7 +462,7 @@ sendit: /* * Check with the firewall... */ - if (ip_fw_chk_ptr) { + if (fw_enable && ip_fw_chk_ptr) { struct sockaddr_in *old = dst; off = (*ip_fw_chk_ptr)(&ip, |