disallow "fragments" on rules with layer 4 matches

author Brendan O'Dea <bod@optus.net>

Mon, 29 Nov 2004 06:30:05 +0000 (06:30 +0000)

committer Brendan O'Dea <bod@optus.net>

Mon, 29 Nov 2004 06:30:05 +0000 (06:30 +0000)
author Brendan O'Dea <bod@optus.net>
Mon, 29 Nov 2004 06:30:05 +0000 (06:30 +0000)
committer Brendan O'Dea <bod@optus.net>
Mon, 29 Nov 2004 06:30:05 +0000 (06:30 +0000)
diff --git a/cli.c b/cli.c

index cce382b..b4f578d 100644 (file)
--- a/cli.c
+++ b/cli.c
@@ -2,7 +2,7 @@
  // vim: sw=8 ts=8
  
  char const *cvs_name = "$Name:  $";
  // vim: sw=8 ts=8
  
  char const *cvs_name = "$Name:  $";
-char const *cvs_id_cli = "$Id: cli.c,v 1.35 2004-11-29 03:55:19 bodea Exp $";
+char const *cvs_id_cli = "$Id: cli.c,v 1.36 2004-11-29 06:30:05 bodea Exp $";
  
  #include <stdio.h>
  #include <stdarg.h>
  
  #include <stdio.h>
  #include <stdarg.h>
@@ -2688,6 +2688,12 @@ ip_filter_rulet *access_list_rule_ext(struct cli_def *cli, char *command, char *
  
         if (a < argc && MATCH("fragments", argv[a]))
         {
  
         if (a < argc && MATCH("fragments", argv[a]))
         {
+               if (rule.src_ports.op || rule.dest_ports.op || rule.tcp_flag_op)
+               {
+                       cli_print(cli, "Can't specify \"fragments\" on rules with layer 4 matches");
+                       return NULL;
+               }
+
                 rule.frag = 1;
                 a++;
         }
                 rule.frag = 1;
                 a++;
         }
author	Brendan O'Dea <bod@optus.net>
	Mon, 29 Nov 2004 06:30:05 +0000 (06:30 +0000)
committer	Brendan O'Dea <bod@optus.net>
	Mon, 29 Nov 2004 06:30:05 +0000 (06:30 +0000)