git: 2927a5981b34 - main - pfctl: fix table commands under anchors
Date: Thu, 03 Jul 2025 12:01:15 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=2927a5981b3400cb5147d13580318419ecd1f91c
commit 2927a5981b3400cb5147d13580318419ecd1f91c
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-06-30 09:34:35 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-07-03 07:16:15 +0000
pfctl: fix table commands under anchors
With r1.358 I simplified anchor handling but also broke semantics with
regard to tables:
# pfctl -a aname -t tname -T show
pfctl: anchors apply to -f, -F and -s only
Unbreak this by checking for table commands as well.
OK bluhm
Obtained from: OpenBSD, kn <kn@openbsd.org>, 0e2b7406a2
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sbin/pfctl/pfctl.8 | 5 +++--
sbin/pfctl/pfctl.c | 6 +++---
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 0a4b8952ef74..5238c53f709d 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -24,7 +24,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd May 29, 2025
+.Dd June 30, 2025
.Dt PFCTL 8
.Os
.Sh NAME
@@ -114,8 +114,9 @@ Other rules and options are ignored.
Apply flags
.Fl f ,
.Fl F ,
+.Fl s ,
and
-.Fl s
+.Fl T
only to the rules in the specified
.Ar anchor .
In addition to the main ruleset,
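Review bot: The sentence following the flag list in pfctl.8 still reads "only to the rules in the specified anchor", which no longer fits now that -T is listed, since -T acts on tables rather than rules. Consider rewording it to something like "only to the rules and tables in the specified anchor", so the man page matches the `-a aname -t tname -T show` usage the commit message restores.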
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 21befd3ca697..8c6497b4d1ee 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -3196,11 +3196,11 @@ main(int argc, char *argv[])
if (anchoropt != NULL) {
int len = strlen(anchoropt);
- if (mode == O_RDONLY && showopt == NULL) {
- warnx("anchors apply to -f, -F and -s only");
+ if (mode == O_RDONLY && showopt == NULL && tblcmdopt == NULL) {
+ warnx("anchors apply to -f, -F, -s, and -T only");
usage();
}
- if (mode == O_RDWR &&
+ if (mode == O_RDWR && tblcmdopt == NULL &&
(anchoropt[0] == '_' || strstr(anchoropt, "/_") != NULL))
errx(1, "anchor names beginning with '_' cannot "
"be modified from the command line");