The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=9d74a1b5d6cfde02d27786c59ccafafdf6d6fe63
commit 9d74a1b5d6cfde02d27786c59ccafafdf6d6fe63
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-07-02 09:43:43 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2025-07-07 15:06:49 +0000
pfctl: Make -N and -r mutually exclusive
Either disable DNS or enable additional reverse lookups, but not both.
OK benno
Obtained from: OpenBSD, kn <k...@openbsd.org>, b294e41e93
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sbin/pfctl/pfctl.8 | 6 +++++-
sbin/pfctl/pfctl.c | 3 +++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 85294dda949f..0c4a7b519bf6 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -24,7 +24,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd July 1, 2025
+.Dd July 2, 2025
.Dt PFCTL 8
.Os
.Sh NAME
@@ -402,6 +402,10 @@ Load only the filter rules present in the rule file.
Other rules and options are ignored.
.It Fl r
Perform reverse DNS lookups on states and tables when displaying them.
+.Fl N
+and
+.Fl r
+are mutually exclusive.
.It Fl s Ar modifier
Show the filter parameters specified by
.Ar modifier
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 10183084ceec..d3614f5f7c59 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -3156,6 +3156,9 @@ main(int argc, char *argv[])
}
}
+ if ((opts & PF_OPT_NODNS) && (opts & PF_OPT_USEDNS))
+ errx(1, "-N and -r are mutually exclusive");
+
if (tblcmdopt == NULL ^ tableopt == NULL)
usage();
