Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipfw/ipfw.c | 54 |
1 files changed, 32 insertions, 22 deletions
diff --git a/sbin/ipfw/ipfw.c b/sbin/ipfw/ipfw.c
index 326a889..63dc4c3 100644
--- a/sbin/ipfw/ipfw.c
+++ b/sbin/ipfw/ipfw.c
@@ -16,7 +16,7 @@
 *
 * NEW command line interface for IP firewall facility
 *
- * $Id: ipfw.c,v 1.26 1996/06/18 01:46:34 alex Exp $
+ * $Id: ipfw.c,v 1.27 1996/06/23 20:47:51 alex Exp $
 *
 */
@@ -237,9 +237,9 @@ show_ipfw(chain)
 if ((chain->fw_flg & IP_FW_F_IN) && (chain->fw_flg & IP_FW_F_OUT))
 ;
 else if (chain->fw_flg & IP_FW_F_IN)
- printf(" in ");
+ printf(" in");
 else if (chain->fw_flg & IP_FW_F_OUT)
- printf(" out ");
+ printf(" out");
 if (chain->fw_flg&IP_FW_F_IFNAME && chain->fw_via_name[0]) {
 char ifnb[FW_IFNLEN+1];
@@ -256,7 +256,7 @@ show_ipfw(chain)
 }
 if (chain->fw_flg & IP_FW_F_FRAG)
- printf(" frag ");
+ printf(" frag");
 if (chain->fw_ipopt || chain->fw_ipnopt) {
 int _opt_printed = 0;
@@ -673,27 +673,37 @@ add(ac,av)
 av++; ac--;
 }
- if (ac && !strncmp(*av,"via",strlen(*av))) {
- av++; ac--;
- if (!isdigit(**av)) {
- char *q;
-
- strcpy(rule.fw_via_name, *av);
- for (q = rule.fw_via_name; *q && !isdigit(*q) && *q != '*'; q++)
- continue;
- if (*q == '*')
- rule.fw_flg = IP_FW_F_IFUWILD;
- else
- rule.fw_via_unit = atoi(q);
- *q = '\0';
- rule.fw_flg |= IP_FW_F_IFNAME;
- } else if (inet_aton(*av,&rule.fw_via_ip) == INADDR_NONE) {
- show_usage("bad IP# after via\n");
- }
- av++; ac--;
+ if ((rule.fw_flg & IP_FW_F_KIND) != IP_FW_F_TCP &&
+ (rule.fw_flg & IP_FW_F_KIND) != IP_FW_F_UDP &&
+ (rule.fw_nsp || rule.fw_ndp)) {
+ show_usage("only TCP and UDP protocols are valid with port specifications");
 }
 while (ac) {
+ if (ac && !strncmp(*av,"via",strlen(*av))) {
+ if (rule.fw_via_ip.s_addr || (rule.fw_flg & IP_FW_F_IFNAME)) {
+ show_usage("multiple 'via' options specified");
+ }
+
+ av++; ac--;
+ if (!isdigit(**av)) {
+ char *q;
+
+ strcpy(rule.fw_via_name, *av);
+ for (q = rule.fw_via_name; *q && !isdigit(*q) && *q != '*'; q++)
+ continue;
+ if (*q == '*')
+ rule.fw_flg = IP_FW_F_IFUWILD;
+ else
+ rule.fw_via_unit = atoi(q);
+ *q = '\0';
+ rule.fw_flg |= IP_FW_F_IFNAME;
+ } else if (inet_aton(*av,&rule.fw_via_ip) == INADDR_NONE) {
+ show_usage("bad IP# after via\n");
+ }
+ av++; ac--;
+ continue;
+ }
 if (!strncmp(*av,"fragment",strlen(*av))) {
 rule.fw_flg |= IP_FW_F_FRAG; av++; ac--; continue;
 }
 |
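Review bot: `strcpy(rule.fw_via_name, *av)` in the relocated `via` branch copies a command-line argument with no length check, so an over-long interface name overruns the rule's name field (its size is not visible here; show_ipfw suggests it is FW_IFNLEN). The same branch dereferences `**av` right after `av++; ac--;` without checking that an argument follows `via`. It also assigns `rule.fw_flg = IP_FW_F_IFUWILD` with `=`, which discards the protocol bits tested just above the loop and any `fragment` flag already parsed, and it compares `inet_aton()` with `INADDR_NONE` although inet_aton returns 0 on failure, so a malformed address is never rejected. For a firewall front end these matter because the installed rule can differ from what the operator typed. The fence sketches the changed lines, assuming show_usage() does not return; the rest of add() lies outside the hunk.

```c
		av++; ac--;
		if (!ac)
			show_usage("missing argument after 'via'");
		if (!isdigit(**av)) {
			char *q;

			/* reject names that do not fit, terminator included */
			if (strlen(*av) >= sizeof(rule.fw_via_name))
				show_usage("interface name too long after 'via'");
			strcpy(rule.fw_via_name, *av);
			/* … unchanged: scan for the unit number or '*' … */
			if (*q == '*')
				rule.fw_flg |= IP_FW_F_IFUWILD;
			/* … unchanged: unit number, terminator, IP_FW_F_IFNAME … */
		} else if (!inet_aton(*av, &rule.fw_via_ip)) {
			show_usage("bad IP# after via\n");
		}
```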