authorKristof Provost <kp@FreeBSD.org>2022-04-12 11:20:18 +0000
committerKristof Provost <kp@FreeBSD.org>2022-04-20 11:01:12 +0000
commit812839e5aaaf495a85ac7dcb743b565c4792d74d (patch)
tree6cf1ae83c374cfeeb2ad0bce3baec26ac5973ce2 /sbin/pfctl
parent583bb9c530b2316c83017fc51517d3acad1ed9dd (diff)
pf: allow the use of tables in ethernet rules
Allow tables to be used for the l3 source/destination matching. This requires taking the PF_RULES read lock. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D34917
Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/parse.y10
1 files changed, 6 insertions, 4 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 5f84a39371f3..21729fc7ba4e 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -3262,13 +3262,15 @@ l3fromto : /* empty */ {
}
| L3 fromto {
if ($2.src.host != NULL &&
- $2.src.host->addr.type != PF_ADDR_ADDRMASK) {
- yyerror("from must be an address");
+ $2.src.host->addr.type != PF_ADDR_ADDRMASK &&
+ $2.src.host->addr.type != PF_ADDR_TABLE) {
+ yyerror("from must be an address or table");
YYERROR;
}
if ($2.dst.host != NULL &&
- $2.dst.host->addr.type != PF_ADDR_ADDRMASK) {
- yyerror("to must be an address");
+ $2.dst.host->addr.type != PF_ADDR_ADDRMASK &&
+ $2.dst.host->addr.type != PF_ADDR_TABLE) {
+ yyerror("to must be an address or table");
YYERROR;
}
$$ = $2;
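Review bot: Both checks in the `L3 fromto` action test only the head entry, `$2.src.host->addr.type` and `$2.dst.host->addr.type`. If `fromto` can yield a brace list of hosts here (a `struct node_host` chain linked through `next`), every entry after the first skips this type filter, so an address type other than `PF_ADDR_ADDRMASK` or `PF_ADDR_TABLE` could reach an ethernet rule's l3 match. Either walk the list, e.g. `for (h = $2.src.host; h != NULL; h = h->next)` with the same two-type test on `h->addr.type`, or add a comment naming where the later entries are validated. The action's closing brace is outside the hunk, so anything after `$$ = $2;` is not visible here.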