[netfilter-cvslog] r6426 - trunk/iptables/extensions
kaber at netfilter.org
kaber at netfilter.org
Sun Jan 22 14:47:14 CET 2006
Author: kaber at netfilter.org
Date: 2006-01-22 14:47:07 +0100 (Sun, 22 Jan 2006)
New Revision: 6426
Modified:
trunk/iptables/extensions/libip6t_policy.c
trunk/iptables/extensions/libipt_policy.c
Log:
Fix "empty policy element" complaining in non-strict mode.
Noticed by Tom Eastep <teastep at shorewall.net>.
Modified: trunk/iptables/extensions/libip6t_policy.c
===================================================================
--- trunk/iptables/extensions/libip6t_policy.c 2006-01-22 13:18:09 UTC (rev 6425)
+++ trunk/iptables/extensions/libip6t_policy.c 2006-01-22 13:47:07 UTC (rev 6426)
@@ -327,7 +327,8 @@
for (i = 0; i < info->len; i++) {
e = &info->pol[i];
- if (!(e->match.reqid || e->match.spi || e->match.saddr ||
+ if (info->flags & IP6T_POLICY_MATCH_STRICT &&
+ !(e->match.reqid || e->match.spi || e->match.saddr ||
e->match.daddr || e->match.proto || e->match.mode))
exit_error(PARAMETER_PROBLEM,
"policy match: empty policy element");
Modified: trunk/iptables/extensions/libipt_policy.c
===================================================================
--- trunk/iptables/extensions/libipt_policy.c 2006-01-22 13:18:09 UTC (rev 6425)
+++ trunk/iptables/extensions/libipt_policy.c 2006-01-22 13:47:07 UTC (rev 6426)
@@ -287,7 +287,8 @@
for (i = 0; i < info->len; i++) {
e = &info->pol[i];
- if (!(e->match.reqid || e->match.spi || e->match.saddr ||
+ if (info->flags & IPT_POLICY_MATCH_STRICT &&
+ !(e->match.reqid || e->match.spi || e->match.saddr ||
e->match.daddr || e->match.proto || e->match.mode))
exit_error(PARAMETER_PROBLEM,
"policy match: empty policy element");
More information about the netfilter-cvslog
mailing list