Do not allow 'ipfw fwd' command when IPFIREWALL_FORWARD is not compiled into

the kernel. Return EINVAL instead.
svn path=/head/; revision=135168
2025-01-22 16:44:32 +01:00 · 2004-09-13 19:27:23 +00:00 · 2004-09-13 19:27:23 +00:00 · bda337d05e · 2020-12-20 02:59:44 +00:00
commit bda337d05e
parent f91248c1ad
1 changed files with 4 additions and 0 deletions
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@ -2955,9 +2955,13 @@ check_ipfw_struct(struct ip_fw *rule, int size)
 			goto check_action;

 		case O_FORWARD_IP:
+#ifdef	IPFIREWALL_FORWARD
 			if (cmdlen != F_INSN_SIZE(ipfw_insn_sa))
 				goto bad_size;
 			goto check_action;
+#else
+			return EINVAL;
+#endif

 		case O_DIVERT:
 		case O_TEE: