On Sat, Nov 22, 2003 at 08:32:00AM -0000, Peter Galbavy wrote:
> OTOH What would be wrong with allowing the "x:y" syntax *additionally* in
> the pass/block rules ?
Actually, I don't know. The only change required is taking out three
error messages. The rest of the code already supports "x:y" in any
rule; it's just one of the generally supported operators in the kernel.
Daniel
Index: parse.y
===================================================================
RCS file: /cvs/src/sbin/pfctl/parse.y,v
retrieving revision 1.422
diff -u -r1.422 parse.y
--- parse.y 14 Nov 2003 13:51:09 -0000 1.422
+++ parse.y 22 Nov 2003 13:19:52 -0000
@@ -3121,10 +3121,6 @@
yyerror("port only applies to tcp/udp");
problems++;
}
- if (r->src.port_op == PF_OP_RRG || r->dst.port_op == PF_OP_RRG) {
- yyerror("the ':' port operator only applies to rdr");
- problems++;
- }
if (r->proto != IPPROTO_ICMP && r->proto != IPPROTO_ICMPV6 &&
(r->type || r->code)) {
yyerror("icmp-type/code only applies to icmp");
@@ -3184,10 +3180,6 @@
int problems = 0;
struct pf_pooladdr *pa;
- if (r->src.port_op == PF_OP_RRG || r->dst.port_op == PF_OP_RRG) {
- yyerror("the ':' port operator only applies to rdr");
- problems++;
- }
if (!r->af) {
TAILQ_FOREACH(pa, &r->rpool.list, entries) {
if (pa->addr.type == PF_ADDR_DYNIFTL) {
@@ -3224,11 +3216,6 @@
if (r->dst.port_op &&
r->dst.port_op != PF_OP_EQ && r->dst.port_op != PF_OP_RRG) {
yyerror("invalid port operator for rdr destination port");
- problems++;
- }
- if (r->src.port_op == PF_OP_RRG) {
- yyerror("the ':' port operator only applies to rdr "
- "destination port");
problems++;
}
if (!r->af) {