diff options
| author | alex <alex@FreeBSD.org> | 1996-06-29 01:28:19 +0000 |
|---|---|---|
| committer | alex <alex@FreeBSD.org> | 1996-06-29 01:28:19 +0000 |
| commit | edea64b8448620956b085de96eaa65638bd07623 (patch) | |
| tree | 7608de2867e06c002d75769acd270fc2c8d518a5 /sbin/ipfw/ipfw.c | |
| parent | 153deea5fae3a1f81bfbb97a2166a4e37bbec96f (diff) | |
| download | FreeBSD-src-edea64b8448620956b085de96eaa65638bd07623.zip FreeBSD-src-edea64b8448620956b085de96eaa65638bd07623.tar.gz | |
Formatting fixes for 'in' and 'out' while listing.
Prevent ALL protocol from being used with port specifications.
Allow 'via' keyword at any point in the options list. Disallow
multiple 'via' specifications.
Diffstat (limited to 'sbin/ipfw/ipfw.c')
| -rw-r--r-- | sbin/ipfw/ipfw.c | 54 |
1 files changed, 32 insertions, 22 deletions
diff --git a/sbin/ipfw/ipfw.c b/sbin/ipfw/ipfw.c index 326a889..63dc4c3 100644 --- a/sbin/ipfw/ipfw.c +++ b/sbin/ipfw/ipfw.c @@ -16,7 +16,7 @@ * * NEW command line interface for IP firewall facility * - * $Id: ipfw.c,v 1.26 1996/06/18 01:46:34 alex Exp $ + * $Id: ipfw.c,v 1.27 1996/06/23 20:47:51 alex Exp $ * */ @@ -237,9 +237,9 @@ show_ipfw(chain) if ((chain->fw_flg & IP_FW_F_IN) && (chain->fw_flg & IP_FW_F_OUT)) ; else if (chain->fw_flg & IP_FW_F_IN) - printf(" in "); + printf(" in"); else if (chain->fw_flg & IP_FW_F_OUT) - printf(" out "); + printf(" out"); if (chain->fw_flg&IP_FW_F_IFNAME && chain->fw_via_name[0]) { char ifnb[FW_IFNLEN+1]; @@ -256,7 +256,7 @@ show_ipfw(chain) } if (chain->fw_flg & IP_FW_F_FRAG) - printf(" frag "); + printf(" frag"); if (chain->fw_ipopt || chain->fw_ipnopt) { int _opt_printed = 0; @@ -673,27 +673,37 @@ add(ac,av) av++; ac--; } - if (ac && !strncmp(*av,"via",strlen(*av))) { - av++; ac--; - if (!isdigit(**av)) { - char *q; - - strcpy(rule.fw_via_name, *av); - for (q = rule.fw_via_name; *q && !isdigit(*q) && *q != '*'; q++) - continue; - if (*q == '*') - rule.fw_flg = IP_FW_F_IFUWILD; - else - rule.fw_via_unit = atoi(q); - *q = '\0'; - rule.fw_flg |= IP_FW_F_IFNAME; - } else if (inet_aton(*av,&rule.fw_via_ip) == INADDR_NONE) { - show_usage("bad IP# after via\n"); - } - av++; ac--; + if ((rule.fw_flg & IP_FW_F_KIND) != IP_FW_F_TCP && + (rule.fw_flg & IP_FW_F_KIND) != IP_FW_F_UDP && + (rule.fw_nsp || rule.fw_ndp)) { + show_usage("only TCP and UDP protocols are valid with port specifications"); } while (ac) { + if (ac && !strncmp(*av,"via",strlen(*av))) { + if (rule.fw_via_ip.s_addr || (rule.fw_flg & IP_FW_F_IFNAME)) { + show_usage("multiple 'via' options specified"); + } + + av++; ac--; + if (!isdigit(**av)) { + char *q; + + strcpy(rule.fw_via_name, *av); + for (q = rule.fw_via_name; *q && !isdigit(*q) && *q != '*'; q++) + continue; + if (*q == '*') + rule.fw_flg = IP_FW_F_IFUWILD; + else + rule.fw_via_unit = atoi(q); + *q = '\0'; + rule.fw_flg |= IP_FW_F_IFNAME; + } else if (inet_aton(*av,&rule.fw_via_ip) == INADDR_NONE) { + show_usage("bad IP# after via\n"); + } + av++; ac--; + continue; + } if (!strncmp(*av,"fragment",strlen(*av))) { rule.fw_flg |= IP_FW_F_FRAG; av++; ac--; continue; } |
