From 0e2b7406a2bdd4740411992876053a40cd60789f Mon Sep 17 00:00:00 2001
From: kn
Date: Tue, 18 Sep 2018 12:55:19 +0000
Subject: [PATCH] fix table commands under anchors
With r1.358 I simplified anchor handling but also broke semantics with regard to tables: # pfctl -a aname -t tname -T show pfctl: anchors apply to -f, -F and -s only Unbreak this by checking for table commands as well. OK bluhm
---
 sbin/pfctl/pfctl.8 | 7 ++++---
 sbin/pfctl/pfctl.c | 8 ++++----
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 11dd379a445..98b4edf8aa8 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pfctl.8,v 1.171 2017/08/11 22:30:38 benno Exp $
+.\" $OpenBSD: pfctl.8,v 1.172 2018/09/18 12:55:19 kn Exp $
 .\"
 .\" Copyright (c) 2001 Kjell Wooding. All rights reserved.
 .\"
@@ -24,7 +24,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 11 2017 $
+.Dd $Mdocdate: September 18 2018 $
 .Dt PFCTL 8
 .Os
 .Sh NAME
@@ -94,8 +94,9 @@ The options are as follows:
 Apply flags
 .Fl f ,
 .Fl F ,
+.Fl s ,
 and
-.Fl s
+.Fl T
 only to the rules in the specified
 .Ar anchor .
 In addition to the main ruleset,
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index b08f7302337..bf7120d9083 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.359 2018/09/08 14:45:55 kn Exp $ */
+/* $OpenBSD: pfctl.c,v 1.360 2018/09/18 12:55:19 kn Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -2498,11 +2498,11 @@ main(int argc, char *argv[])
 memset(anchorname, 0, sizeof(anchorname));
 if (anchoropt != NULL) {
- if (mode == O_RDONLY && showopt == NULL) {
- warnx("anchors apply to -f, -F and -s only");
+ if (mode == O_RDONLY && showopt == NULL && tblcmdopt == NULL) {
+ warnx("anchors apply to -f, -F, -s, and -T only");
 usage();
 }
- if (mode == O_RDWR &&
+ if (mode == O_RDWR && tblcmdopt == NULL &&
 (anchoropt[0] == '_' || strstr(anchoropt, "/_") != NULL))
 errx(1, "anchor names beginning with '_' cannot "
 "be modified from the command line");
-- 
2.20.1
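Review bot: The `tblcmdopt == NULL` term added to the second condition exempts every `-T` invocation from the reserved-anchor guard, not only read-only ones such as the `-T show` case quoted in the commit message. How `mode` is set is outside this hunk, but because this branch is only reached with `O_RDWR`, it appears that a modifying table command can now operate inside an anchor whose name begins with `_` without hitting the `errx()`. If that is the intended (pre-r1.358) behaviour, a comment above the test would record it, e.g. `/* only ruleset changes are refused for '_' anchors; table commands are exempt */`; if it is not, the exemption should be narrowed to the table commands that do not modify state. `main` starts and ends outside the hunk.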