Author: Brad Smith <brad@comstyle.com>

Bug 2396: Correct the opening of the PF device file.

The PF device file is supposed to be opened read-only as of quite a number of
releases ago.

diff --git a/src/IPInterception.cc b/src/IPInterception.cc
index 83a9c2166749349cf5ebeeb9896c7dd151dacd7c..4817c9434c3137191c1cfabfea4a48ba382b9599 100644 (file)
--- a/src/IPInterception.cc
+++ b/src/IPInterception.cc
@@ -235,7 +235,7 @@ clientNatLookup(int fd, struct sockaddr_in me, struct sockaddr_in peer, struct s
     static time_t last_reported = 0;
 
     if (pffd < 0)
-        pffd = open("/dev/pf", O_RDWR);
+        pffd = open("/dev/pf", O_RDONLY);
 
     if (pffd < 0)
     {