diff options
Diffstat (limited to 'sys/netinet/ip_input.c')
| -rw-r--r-- | sys/netinet/ip_input.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 63e10c8..c73db86 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -419,8 +419,19 @@ iphack: */ i = (*ip_fw_chk_ptr)(&ip, hlen, NULL, &divert_cookie, &m, &rule, &ip_fw_fwd_addr); - if (m == NULL) /* Packet discarded by firewall */ - return; + if (i & IP_FW_PORT_DENY_FLAG) { /* XXX new interface-denied */ + if (m) + m_freem(m); + return ; + } + if (m == NULL) { /* Packet discarded by firewall */ + static int __debug=10; + if (__debug >0) { + printf("firewall returns NULL, please update!\n"); + __debug-- ; + } + return; + } if (i == 0 && ip_fw_fwd_addr == NULL) /* common case */ goto pass; #ifdef DUMMYNET |
