diff options
| author | alex <alex@FreeBSD.org> | 1996-06-29 03:33:20 +0000 |
|---|---|---|
| committer | alex <alex@FreeBSD.org> | 1996-06-29 03:33:20 +0000 |
| commit | ee1f52e852a3c4fe06e4787abb10d512f77a3cea (patch) | |
| tree | 8d87c0c568aef7902ed54ba6b24d689f35cdf753 /sys | |
| parent | 6d4faa5ec8c26fa388ab6704f78b2a232e9201b9 (diff) | |
| download | FreeBSD-src-ee1f52e852a3c4fe06e4787abb10d512f77a3cea.zip FreeBSD-src-ee1f52e852a3c4fe06e4787abb10d512f77a3cea.tar.gz | |
Reject rules which try to mix ports with incompatible protocols.
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/netinet/ip_fw.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index d18bd48..1bcc57b 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -12,7 +12,7 @@ * * This software is provided ``AS IS'' without any warranties of any kind. * - * $Id: ip_fw.c,v 1.41 1996/06/23 14:28:02 bde Exp $ + * $Id: ip_fw.c,v 1.42 1996/06/25 00:22:20 alex Exp $ */ /* @@ -634,6 +634,16 @@ check_ipfw_struct(struct mbuf *m) } /* + * ICMP and ALL protocols don't check port ranges + */ + if ((frwl->fw_flg & IP_FW_F_KIND) != IP_FW_F_TCP && + (frwl->fw_flg & IP_FW_F_KIND) != IP_FW_F_UDP && + (frwl->fw_nsp || frwl->fw_ndp)) { + dprintf(("ip_fw_ctl: invalid protocol/port combination\n")); + return(NULL); + } + + /* * Rather than modify the entry to make such entries work, * we reject this rule and require user level utilities * to enforce whatever policy they deem appropriate. |
