Date: Thu, 25 Sep 2025 12:41:37 GMT
From: Kristof Provost <kp@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: d3b73a944b11 - main - pfctl: deny "once" flags for match rules
Message-ID: <202509251241.58PCfbvF003218@gitrepo.freebsd.org>
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=d3b73a944b11311b8428f30b019802ebe7aeaef8 commit d3b73a944b11311b8428f30b019802ebe7aeaef8 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-08-27 14:00:38 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-09-25 12:41:08 +0000 pfctl: deny "once" flags for match rules ok henning Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, 47068a62ee Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/parse.y | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index c35460f5443d..c8c6f6047fa5 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -2396,8 +2396,14 @@ pfrule : action dir logquick interface route af proto fromto r.quick = $3.quick; r.af = $6; - if ($9.marker & FOM_ONCE) + if ($9.marker & FOM_ONCE) { + if (r.action == PF_MATCH) { + yyerror("can't specify once for " + "match rules"); + YYERROR; + } r.rule_flag |= PFRULE_ONCE; + } if (filteropts_to_rule(&r, &$9)) YYERROR;
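Review bot: The new PF_MATCH test inside the `if ($9.marker & FOM_ONCE)` block reads r.action, but the context lines of this hunk only show r.quick and r.af being assigned, so it is worth confirming that r.action is already set from the action token before this point; if it is not, the check never fires and `once` is still accepted on match rules. The diffstat touches only sbin/pfctl/parse.y, so the new restriction ships without documentation or a test: consider a sentence in the manual page saying that `once` is rejected on match rules, and a parser test case that feeds a match rule carrying `once` and expects the "can't specify once for match rules" error. Neither the commit message nor the code says why `once` is invalid for match rules, so a one-line comment above the yyerror() call giving the reason would help the next reader of this grammar action.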