diff options
| author | piso <piso@FreeBSD.org> | 2007-01-05 12:15:31 +0000 |
|---|---|---|
| committer | piso <piso@FreeBSD.org> | 2007-01-05 12:15:31 +0000 |
| commit | e5ae3d604d642bd1567f8ce5f9068493a6ba0a9a (patch) | |
| tree | cb63908abeb26c5d7f1f02ed4b788fae1f6fc62d | |
| parent | f583eee6e15beb870cee2e61468804ac5017cfd2 (diff) | |
| download | FreeBSD-src-e5ae3d604d642bd1567f8ce5f9068493a6ba0a9a.zip FreeBSD-src-e5ae3d604d642bd1567f8ce5f9068493a6ba0a9a.tar.gz | |
Prevent adding a rule with a nat action in case IPFIREWALL_NAT was not defined.
Reviewed: luigi
| -rw-r--r-- | sys/netinet/ip_fw2.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index 1644f7f..0f8923f 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -4222,9 +4222,13 @@ check_ipfw_struct(struct ip_fw *rule, int size) else goto check_size; case O_NAT: +#ifdef IPFIREWALL_NAT if (cmdlen != F_INSN_SIZE(ipfw_insn_nat)) goto bad_size; goto check_action; +#else + return EINVAL; +#endif case O_FORWARD_MAC: /* XXX not implemented yet */ case O_CHECK_STATE: case O_COUNT: |
