Formatting fixes for 'in' and 'out' while listing.

Prevent ALL protocol from being used with port specifications. Allow 'via' keyword at any point in the options list. Disallow multiple 'via' specifications.
svn path=/head/; revision=16820
2024-11-05 18:22:52 +00:00 · 1996-06-29 01:28:19 +00:00 · 1996-06-29 01:28:19 +00:00 · 97842144e3 · 2020-12-20 02:59:44 +00:00
commit 97842144e3
parent 700061451a
1 changed files with 32 additions and 22 deletions
--- a/sbin/ipfw/ipfw.c
+++ b/sbin/ipfw/ipfw.c
@ -16,7 +16,7 @@
 *
 * NEW command line interface for IP firewall facility
 *
- * $Id: ipfw.c,v 1.26 1996/06/18 01:46:34 alex Exp $
+ * $Id: ipfw.c,v 1.27 1996/06/23 20:47:51 alex Exp $
 *
 */

@ -237,9 +237,9 @@ show_ipfw(chain)
 	if ((chain->fw_flg & IP_FW_F_IN) && (chain->fw_flg & IP_FW_F_OUT))
 		; 
 	else if (chain->fw_flg & IP_FW_F_IN)
-		printf(" in ");
+		printf(" in");
 	else if (chain->fw_flg & IP_FW_F_OUT)
-		printf(" out ");
+		printf(" out");

 	if (chain->fw_flg&IP_FW_F_IFNAME && chain->fw_via_name[0]) {
 		char ifnb[FW_IFNLEN+1];
@ -256,7 +256,7 @@ show_ipfw(chain)
 	}

 	if (chain->fw_flg & IP_FW_F_FRAG)
-		printf(" frag ");
+		printf(" frag");

 	if (chain->fw_ipopt || chain->fw_ipnopt) {
 		int 	_opt_printed = 0;
@ -673,27 +673,37 @@ add(ac,av)
 		av++; ac--;
 	}

-	if (ac && !strncmp(*av,"via",strlen(*av))) { 
-		av++; ac--; 
-		if (!isdigit(**av)) {
-			char *q;
-
-			strcpy(rule.fw_via_name, *av);
-			for (q = rule.fw_via_name; *q && !isdigit(*q) && *q != '*'; q++)
-				continue;
-			if (*q == '*')
-				rule.fw_flg = IP_FW_F_IFUWILD;
-			else
-				rule.fw_via_unit = atoi(q);
-			*q = '\0';
-			rule.fw_flg |= IP_FW_F_IFNAME;
-		} else if (inet_aton(*av,&rule.fw_via_ip) == INADDR_NONE) {
-			show_usage("bad IP# after via\n");
-		}
-		av++; ac--; 
+	if ((rule.fw_flg & IP_FW_F_KIND) != IP_FW_F_TCP &&
+		(rule.fw_flg & IP_FW_F_KIND) != IP_FW_F_UDP &&
+		(rule.fw_nsp || rule.fw_ndp)) {
+		show_usage("only TCP and UDP protocols are valid with port specifications");
 	}

 	while (ac) {
+		if (ac && !strncmp(*av,"via",strlen(*av))) {
+			if (rule.fw_via_ip.s_addr || (rule.fw_flg & IP_FW_F_IFNAME)) {
+				show_usage("multiple 'via' options specified");
+			}
+
+			av++; ac--; 
+			if (!isdigit(**av)) {
+				char *q;
+
+				strcpy(rule.fw_via_name, *av);
+				for (q = rule.fw_via_name; *q && !isdigit(*q) && *q != '*'; q++)
+					continue;
+				if (*q == '*')
+					rule.fw_flg = IP_FW_F_IFUWILD;
+				else
+					rule.fw_via_unit = atoi(q);
+				*q = '\0';
+				rule.fw_flg |= IP_FW_F_IFNAME;
+			} else if (inet_aton(*av,&rule.fw_via_ip) == INADDR_NONE) {
+				show_usage("bad IP# after via\n");
+			}
+			av++; ac--; 
+			continue;
+		}
 		if (!strncmp(*av,"fragment",strlen(*av))) { 
 			rule.fw_flg |= IP_FW_F_FRAG; av++; ac--; continue;
 		}