diff options
author | Renato Botelho <renato@netgate.com> | 2015-08-17 13:53:06 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-17 13:53:06 -0300 |
commit | 2042629d2832f01aedf341b8cfdf333f39743595 (patch) | |
tree | 6e22eb34609a9bd0fc3a18ea508b3377cdef4b7c /sbin/pfctl | |
parent | ba3cfbc880a712304a0cbc8e48a8bc428a40ab50 (diff) | |
download | FreeBSD-src-2042629d2832f01aedf341b8cfdf333f39743595.zip FreeBSD-src-2042629d2832f01aedf341b8cfdf333f39743595.tar.gz |
Importing pfSense patch pf_match.diff
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/parse.y | 4 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index a28f96e..3b95dd9 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -446,7 +446,7 @@ int parseport(char *, struct range *r, int); %} -%token PASS BLOCK SCRUB RETURN IN OS OUT LOG QUICK ON FROM TO FLAGS +%token PASS BLOCK MATCH SCRUB RETURN IN OS OUT LOG QUICK ON FROM TO FLAGS %token RETURNRST RETURNICMP RETURNICMP6 PROTO INET INET6 ALL ANY ICMPTYPE %token ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF %token MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL SCHEDULE @@ -2565,6 +2565,7 @@ probability : STRING { action : PASS { $$.b1 = PF_PASS; $$.b2 = $$.w = 0; } + | MATCH { $$.b1 = PF_MATCH; $$.b2 = $$.w = 0; } | BLOCK blockspec { $$ = $2; $$.b1 = PF_DROP; } ; @@ -5485,6 +5486,7 @@ lookup(char *s) { "load", LOAD}, { "log", LOG}, { "loginterface", LOGINTERFACE}, + { "match", MATCH}, { "max", MAXIMUM}, { "max-mss", MAXMSS}, { "max-src-conn", MAXSRCCONN}, diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index b4a6eb9..bf3fe8c 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -692,7 +692,9 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose, int numeric) if (verbose) printf("@%d ", r->nr); - if (r->action > PF_NORDR) + if (r->action == PF_MATCH) + printf("match"); + else if (r->action > PF_NORDR) printf("action(%d)", r->action); else if (anchor_call[0]) { if (anchor_call[0] == '_') { |