diff options
author | andre <andre@FreeBSD.org> | 2004-09-13 19:27:23 +0000 |
---|---|---|
committer | andre <andre@FreeBSD.org> | 2004-09-13 19:27:23 +0000 |
commit | 3767c4cf7b25bcf958c8af16f3c439b94f722b1c (patch) | |
tree | dca62d0825e1cb71770d5a2535745509eb1b5376 /sys/netinet | |
parent | 2c213c186fe3b1ee172b037aee5ac833af20481c (diff) | |
download | FreeBSD-src-3767c4cf7b25bcf958c8af16f3c439b94f722b1c.zip FreeBSD-src-3767c4cf7b25bcf958c8af16f3c439b94f722b1c.tar.gz |
Do not allow 'ipfw fwd' command when IPFIREWALL_FORWARD is not compiled into
the kernel. Return EINVAL instead.
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_fw2.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index 9a46ce7..a33b361 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -2955,9 +2955,13 @@ check_ipfw_struct(struct ip_fw *rule, int size) goto check_action; case O_FORWARD_IP: +#ifdef IPFIREWALL_FORWARD if (cmdlen != F_INSN_SIZE(ipfw_insn_sa)) goto bad_size; goto check_action; +#else + return EINVAL; +#endif case O_DIVERT: case O_TEE: |