Drop PKT_ALIAS_IGNORED packets if ``nat deny_incoming yes'' is in effect.

Approved by: rwatson, ru
author: brian <brian@FreeBSD.org> 2000-10-30 18:02:01 +0000
committer: brian <brian@FreeBSD.org> 2000-10-30 18:02:01 +0000
commit: 77cc3172cc8618af18a350832e8c424632d98d2c (patch)
tree: ad57bcd3d2f7424756702205c1aeb9743b7f8be8 /usr.sbin/ppp/nat_cmd.c
parent: e25226e0c4caaa3e1286b3e6cc56cf4d56b14046 (diff)
download: FreeBSD-src-77cc3172cc8618af18a350832e8c424632d98d2c.zip
FreeBSD-src-77cc3172cc8618af18a350832e8c424632d98d2c.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.sbin/ppp/nat_cmd.c b/usr.sbin/ppp/nat_cmd.c
index f5ff49e..588ceab 100644
--- a/usr.sbin/ppp/nat_cmd.c
+++ b/usr.sbin/ppp/nat_cmd.c
@@ -421,7 +421,11 @@ nat_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
       break;
 
     case PKT_ALIAS_IGNORED:
-      if (log_IsKept(LogTCPIP)) {
+      if (PacketAliasSetMode(0, 0) & PKT_ALIAS_DENY_INCOMING) {
+        log_Printf(LogTCPIP, "NAT engine denied data:\n");
+        m_freem(bp);
+        bp = NULL;
+      } else if (log_IsKept(LogTCPIP)) {
         log_Printf(LogTCPIP, "NAT engine ignored data:\n");
         PacketCheck(bundle, MBUF_CTOP(bp), bp->m_len, NULL, NULL, NULL);
       }
author	brian <brian@FreeBSD.org>	2000-10-30 18:02:01 +0000
committer	brian <brian@FreeBSD.org>	2000-10-30 18:02:01 +0000
commit	77cc3172cc8618af18a350832e8c424632d98d2c (patch)
tree	ad57bcd3d2f7424756702205c1aeb9743b7f8be8 /usr.sbin/ppp/nat_cmd.c
parent	e25226e0c4caaa3e1286b3e6cc56cf4d56b14046 (diff)
download	FreeBSD-src-77cc3172cc8618af18a350832e8c424632d98d2c.zip FreeBSD-src-77cc3172cc8618af18a350832e8c424632d98d2c.tar.gz