[pf4freebsd] Patch for :broadcast expansion.

James Quick jq at quick.com
Wed Sep 15 20:53:02 PDT 2004


The expansion of ifname:broadcast is not useful on systems such
as jail hosts which have multiple addresses on the same network
aliased to the interface, since in that case the broadcast macro
expands to not only the broadcast address but also the
addresses of each of the aliased host addresses.

This patch to pfctl excludes addresses with /32 netmasks when
expanding the :broadcast macro.

Index: pfctl/pfctl_parser.c
===================================================================
RCS file: 
/home/cvsadmin/repository/freebsd/localmods/pf/pfctl/pfctl_parser.c,v
retrieving revision 1.1.1.1
diff -r1.1.1.1 pfctl_parser.c
991c991,992
< 		if (mode == PFCTL_IFLOOKUP_BCAST && p->af != AF_INET)
---
 > 		if (mode == PFCTL_IFLOOKUP_BCAST &&
 > 		    (p->af != AF_INET || unmask(&p->addr.v.a.mask, p->af) == 32))
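
Review bot: The added test unmask(&p->addr.v.a.mask, p->af) == 32 at line 991 skips every AF_INET entry with a /32 mask, not only aliases that share a network with another address on the interface. An interface whose only IPv4 address is configured with a /32 mask would then contribute nothing to the :broadcast expansion. Please confirm that is the intended behaviour, and add a short comment above the condition explaining why host-mask entries are skipped, since the bare 32 does not explain itself.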






