author | Kristof Provost <kp@FreeBSD.org> | 2022-04-12 11:20:18 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2022-04-20 11:01:12 +0000 |
commit | 812839e5aaaf495a85ac7dcb743b565c4792d74d (patch) | |
tree | 6cf1ae83c374cfeeb2ad0bce3baec26ac5973ce2 /sbin/pfctl | |
parent | 583bb9c530b2316c83017fc51517d3acad1ed9dd (diff) | |
pf: allow the use of tables in ethernet rules
Allow tables to be used for the l3 source/destination matching.
This requires taking the PF_RULES read lock.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34917
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/parse.y | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 5f84a39371f3..21729fc7ba4e 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -3262,13 +3262,15 @@ l3fromto : /* empty */ {
 }
 | L3 fromto {
 if ($2.src.host != NULL &&
- $2.src.host->addr.type != PF_ADDR_ADDRMASK) {
- yyerror("from must be an address");
+ $2.src.host->addr.type != PF_ADDR_ADDRMASK &&
+ $2.src.host->addr.type != PF_ADDR_TABLE) {
+ yyerror("from must be an address or table");
 YYERROR;
 }
 if ($2.dst.host != NULL &&
- $2.dst.host->addr.type != PF_ADDR_ADDRMASK) {
- yyerror("to must be an address");
+ $2.dst.host->addr.type != PF_ADDR_ADDRMASK &&
+ $2.dst.host->addr.type != PF_ADDR_TABLE) {
+ yyerror("to must be an address or table");
 YYERROR;
 }
 $$ = $2; |
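Review bot: Both widened checks test only the head entry, `$2.src.host->addr.type` and `$2.dst.host->addr.type`, so if `fromto` can return a list of hosts (not visible in this hunk), entries after the first are never held to the address-or-table restriction and an unsupported address type could reach the ethernet rule unchecked. Either walk the whole list before accepting it, or, if only a single host can arrive here, state that in a comment above the checks, for example `/* l3 match in ether rules: one host, plain address or table only */`. The source and destination tests are now two identical three-line conditions and would be easier to keep in step as one small helper taking the host pointer and the keyword for the error message. The `l3fromto` rule starts before this hunk and continues after it, so any handling further down is not covered by this note.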