diff options
Diffstat (limited to 'sbin/ipfw/ipfw.c')
| -rw-r--r-- | sbin/ipfw/ipfw.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/sbin/ipfw/ipfw.c b/sbin/ipfw/ipfw.c index 29300d1..5663ed7 100644 --- a/sbin/ipfw/ipfw.c +++ b/sbin/ipfw/ipfw.c @@ -16,7 +16,7 @@ * * NEW command line interface for IP firewall facility * - * $Id: ipfw.c,v 1.52 1998/01/08 00:27:31 alex Exp $ + * $Id: ipfw.c,v 1.53 1998/01/08 03:03:50 alex Exp $ * */ @@ -502,7 +502,7 @@ show_usage(const char *fmt, ...) " src: from [not] {any|ip[{/bits|:mask}]} [{port|port-port},[port],...]\n" " dst: to [not] {any|ip[{/bits|:mask}]} [{port|port-port},[port],...]\n" " extras:\n" -" fragment\n" +" fragment (may not be used with ports or tcpflags)\n" " in\n" " out\n" " {xmit|recv|via} {iface|ip|any}\n" @@ -1108,6 +1108,15 @@ badviacombo: } else if ((rule.fw_flg & IP_FW_F_OIFACE) && (rule.fw_flg & IP_FW_F_IN)) show_usage("can't check xmit interface of incoming packets"); + /* frag may not be used in conjunction with ports or TCP flags */ + if (rule.fw_flg & IP_FW_F_FRAG) { + if (rule.fw_tcpf || rule.fw_tcpnf) + show_usage(EX_USAGE, "can't mix 'frag' and tcpflags"); + + if (rule.fw_nports) + show_usage(EX_USAGE, "can't mix 'frag' and port specifications"); + } + if (!do_quiet) show_ipfw(&rule, 10, 10); i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule); |
