disallow "fragments" on rules with layer 4 matches
This commit is contained in:
Brendan O'Dea
parent
3175a08832
commit
659c46ff4f
1 changed files with 7 additions and 1 deletions
8
cli.c
8
cli.c
|
|
@ -2,7 +2,7 @@
|
||||||
// vim: sw=8 ts=8
|
// vim: sw=8 ts=8
|
||||||
|
|
||||||
char const *cvs_name = "$Name: $";
|
char const *cvs_name = "$Name: $";
|
||||||
char const *cvs_id_cli = "$Id: cli.c,v 1.35 2004-11-29 03:55:19 bodea Exp $";
|
char const *cvs_id_cli = "$Id: cli.c,v 1.36 2004-11-29 06:30:05 bodea Exp $";
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
|
|
@ -2688,6 +2688,12 @@ ip_filter_rulet *access_list_rule_ext(struct cli_def *cli, char *command, char *
|
||||||
|
|
||||||
if (a < argc && MATCH("fragments", argv[a]))
|
if (a < argc && MATCH("fragments", argv[a]))
|
||||||
{
|
{
|
||||||
|
if (rule.src_ports.op || rule.dest_ports.op || rule.tcp_flag_op)
|
||||||
|
{
|
||||||
|
cli_print(cli, "Can't specify \"fragments\" on rules with layer 4 matches");
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
rule.frag = 1;
|
rule.frag = 1;
|
||||||
a++;
|
a++;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue