git: 2927a5981b34 - main - pfctl: fix table commands under anchors

Thu, 03 Jul 2025 05:02:27 -0700 

The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=2927a5981b3400cb5147d13580318419ecd1f91c

commit 2927a5981b3400cb5147d13580318419ecd1f91c
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-06-30 09:34:35 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-07-03 07:16:15 +0000

    pfctl: fix table commands under anchors
    
    With r1.358 I simplified anchor handling but also broke semantics with
    regard to tables:
    
            # pfctl -a aname -t tname -T show
            pfctl: anchors apply to -f, -F and -s only
    
    Unbreak this by checking for table commands as well.
    
    OK bluhm
    
    Obtained from:  OpenBSD, kn <k...@openbsd.org>, 0e2b7406a2
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl.8 | 5 +++--
 sbin/pfctl/pfctl.c | 6 +++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 0a4b8952ef74..5238c53f709d 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -24,7 +24,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd May 29, 2025
+.Dd June 30, 2025
 .Dt PFCTL 8
 .Os
 .Sh NAME
@@ -114,8 +114,9 @@ Other rules and options are ignored.
 Apply flags
 .Fl f ,
 .Fl F ,
+.Fl s ,
 and
-.Fl s
+.Fl T
 only to the rules in the specified
 .Ar anchor .
 In addition to the main ruleset,
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 21befd3ca697..8c6497b4d1ee 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -3196,11 +3196,11 @@ main(int argc, char *argv[])
        if (anchoropt != NULL) {
                int len = strlen(anchoropt);
 
-               if (mode == O_RDONLY && showopt == NULL) {
-                       warnx("anchors apply to -f, -F and -s only");
+               if (mode == O_RDONLY && showopt == NULL && tblcmdopt == NULL) {
+                       warnx("anchors apply to -f, -F, -s, and -T only");
                        usage();
                }
-               if (mode == O_RDWR &&
+               if (mode == O_RDWR && tblcmdopt == NULL &&
                    (anchoropt[0] == '_' || strstr(anchoropt, "/_") != NULL))
                        errx(1, "anchor names beginning with '_' cannot "
                            "be modified from the command line");

Reply via email to