dropping packets; increase ip_conntrack_max
[l2tpns.git] / cli.c
diff --git a/cli.c b/cli.c
index 836c0e9..24e9115 100644 (file)
--- a/cli.c
+++ b/cli.c
@@ -2,7 +2,7 @@
 // vim: sw=8 ts=8
 
 char const *cvs_name = "$Name:  $";
-char const *cvs_id_cli = "$Id: cli.c,v 1.34 2004-11-29 02:17:17 bodea Exp $";
+char const *cvs_id_cli = "$Id: cli.c,v 1.37 2004-11-29 12:36:54 bodea Exp $";
 
 #include <stdio.h>
 #include <stdarg.h>
@@ -2688,6 +2688,12 @@ ip_filter_rulet *access_list_rule_ext(struct cli_def *cli, char *command, char *
 
        if (a < argc && MATCH("fragments", argv[a]))
        {
+               if (rule.src_ports.op || rule.dst_ports.op || rule.tcp_flag_op)
+               {
+                       cli_print(cli, "Can't specify \"fragments\" on rules with layer 4 matches");
+                       return NULL;
+               }
+
                rule.frag = 1;
                a++;
        }
@@ -3008,6 +3014,9 @@ static int cmd_show_access_list(struct cli_def *cli, char *command, char **argv,
                        return CLI_OK;
                }
 
+               if (i)
+                       cli_print(cli, "");
+
                cli_print(cli, "%s IP access list %s",
                        ip_filters[f].extended ? "Extended" : "Standard",
                        ip_filters[f].name);