author | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org> | 2006-01-22 13:47:07 +0000 |
---|---|---|
committer | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org> | 2006-01-22 13:47:07 +0000 |
commit | c5834477d254c14cadf419f869c0eaf7104129a9 (patch) | |
tree | fdb663fc8f5eafa372bdb9a98b2ba63a2281937b /extensions/libipt_policy.c | |
parent | d366545e3dd705cc7349655e8954f7c4b6f02a4a (diff) |
Fix "empty policy element" complaining in non-strict mode.
Noticed by Tom Eastep <teastep@shorewall.net>.
Diffstat (limited to 'extensions/libipt_policy.c')
-rw-r--r-- | extensions/libipt_policy.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c index 593bb11..55b969d 100644 --- a/extensions/libipt_policy.c +++ b/extensions/libipt_policy.c @@ -287,7 +287,8 @@ static void final_check(unsigned int flags) for (i = 0; i < info->len; i++) { e = &info->pol[i]; - if (!(e->match.reqid || e->match.spi || e->match.saddr || + if (info->flags & IPT_POLICY_MATCH_STRICT && + !(e->match.reqid || e->match.spi || e->match.saddr || e->match.daddr || e->match.proto || e->match.mode)) exit_error(PARAMETER_PROBLEM, "policy match: empty policy element"); |
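Review bot: the new condition in final_check(), `info->flags & IPT_POLICY_MATCH_STRICT && !(...)`, depends on `&` binding tighter than `&&`. It evaluates as intended, but giving the flag test its own parentheses, `(info->flags & IPT_POLICY_MATCH_STRICT) && ...`, makes the grouping explicit for the next reader. The flag test does not depend on `i`, so it could also be checked once before the loop rather than on every element. Neither the hunk nor the commit message says why an element with no reqid, spi, saddr, daddr, proto or mode is acceptable in non-strict mode; a one-line comment above the check stating that would help, since such elements now pass without any diagnostic.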