diff options
| author |   joel <joel@openbsd.org> | 2006-12-20 03:33:38 +0000 |
|---|---|---|
| committer | joel <joel@openbsd.org> | 2006-12-20 03:33:38 +0000 |
| commit | 4d8d3738d9dd131b27a447a02c8aa68eea38eff4 (patch) | |
| tree | 5f83b764ed37f58ad8c8a311f9d556d77868ef55 /libexec/tftp-proxy/tftp-proxy.c | |
| parent | acpi fits when we decide that it is more important than ahc(4) adaptec (diff) | |
| download | wireguard-openbsd-4d8d3738d9dd131b27a447a02c8aa68eea38eff4.tar.xz wireguard-openbsd-4d8d3738d9dd131b27a447a02c8aa68eea38eff4.zip | |
add an additional rule to the filter anchor that allows traffic out from
the server to the client. this is necessary in case the server is not
otherwise allowed to talk to the client.
ok jcs@
Diffstat (limited to 'libexec/tftp-proxy/tftp-proxy.c')
| -rw-r--r-- | libexec/tftp-proxy/tftp-proxy.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/libexec/tftp-proxy/tftp-proxy.c b/libexec/tftp-proxy/tftp-proxy.c index 4bded2a8c2b..18d3323e911 100644 --- a/libexec/tftp-proxy/tftp-proxy.c +++ b/libexec/tftp-proxy/tftp-proxy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tftp-proxy.c,v 1.1 2005/12/28 19:07:07 jcs Exp $ +/* $OpenBSD: tftp-proxy.c,v 1.2 2006/12/20 03:33:38 joel Exp $ * * Copyright (c) 2005 DLS Internet Services * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl> @@ -294,6 +294,13 @@ main(int argc, char *argv[]) syslog(LOG_ERR, "couldn't add pass in"); exit(1); } + if (add_filter(1, PF_OUT, (struct sockaddr *)&server, + (struct sockaddr *)&from, + ntohs(((struct sockaddr_in *)&from)->sin_port), + IPPROTO_UDP) == -1) { + syslog(LOG_ERR, "couldn't add pass out"); + exit(1); + } /* and just in case, to pass out from us to the server */ if (add_filter(1, PF_OUT, (struct sockaddr *)&proxy_to_server, |