disallow "fragments" on rules with layer 4 matches
authorbodea <bodea>
Mon, 29 Nov 2004 06:30:05 +0000 (06:30 +0000)
committerbodea <bodea>
Mon, 29 Nov 2004 06:30:05 +0000 (06:30 +0000)
cli.c

diff --git a/cli.c b/cli.c
index 3d5e223..fa95339 100644 (file)
--- a/cli.c
+++ b/cli.c
@@ -2,7 +2,7 @@
 // vim: sw=8 ts=8
 
 char const *cvs_name = "$Name:  $";
-char const *cvs_id_cli = "$Id: cli.c,v 1.35 2004/11/29 03:55:19 bodea Exp $";
+char const *cvs_id_cli = "$Id: cli.c,v 1.36 2004/11/29 06:30:05 bodea Exp $";
 
 #include <stdio.h>
 #include <stdarg.h>
@@ -2688,6 +2688,12 @@ ip_filter_rulet *access_list_rule_ext(struct cli_def *cli, char *command, char *
 
        if (a < argc && MATCH("fragments", argv[a]))
        {
+               if (rule.src_ports.op || rule.dest_ports.op || rule.tcp_flag_op)
+               {
+                       cli_print(cli, "Can't specify \"fragments\" on rules with layer 4 matches");
+                       return NULL;
+               }
+
                rule.frag = 1;
                a++;
        }