diff options
| author | Mike Frantzen <frantzen@cvs.openbsd.org> | 2003-08-21 19:12:10 +0000 |
|---|---|---|
| committer | Mike Frantzen <frantzen@cvs.openbsd.org> | 2003-08-21 19:12:10 +0000 |
| commit | b52022c22d0099a7ee4fac807fbc3cf0d1ed41dd (patch) | |
| tree | ee69abaecaf37fc21178586105aec99dbe4500db /sys/conf | |
| parent | ac8ea66182cc0e72f3c2b0178333b53707008bbc (diff) | |
Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.
Exposes the source IP's operating system to the filter language.
Interesting policy decisions are now enforceable:
. block proto tcp from any os SCO
. block proto tcp from any os Windows to any port smtp
. rdr ... from any os "Windows 98" to port WWW -> 127.0.0.1 port 8001
Diffstat (limited to 'sys/conf')
| -rw-r--r-- | sys/conf/files | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/conf/files b/sys/conf/files index f065928d4f2..be1cf6b9fcc 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -1,4 +1,4 @@ -# $OpenBSD: files,v 1.278 2003/08/19 03:36:20 mickey Exp $ +# $OpenBSD: files,v 1.279 2003/08/21 19:12:07 frantzen Exp $ # $NetBSD: files,v 1.87 1996/05/19 17:17:50 jonathan Exp $ # @(#)files.newconf 7.5 (Berkeley) 5/10/93 @@ -377,6 +377,7 @@ file net/pf.c pf needs-flag file net/pf_norm.c pf file net/pf_ioctl.c pf file net/pf_table.c pf +file net/pf_osfp.c pf pseudo-device pflog: ifnet file net/if_pflog.c pflog needs-flag pseudo-device pfsync: ifnet |