Age | Commit message (Collapse) | Author | |
---|---|---|---|
2011-04-28 | ftp-proxy(8) now requires a divert-to rule | Mike Belopuhov | |
2009-09-17 | sync the spamd example to that used in spamd(8); ok beck | Jason McIntyre | |
2009-09-11 | This sample ruleset does not use require-order to mix NAT/rdr | Stuart Henderson | |
and filter rules, because we no longer have translation rules. Pointed out by Mitja Muzenic, ok henning@ | |||
2009-09-07 | example spamd rules should be "pass in"; | Jason McIntyre | |
2009-09-01 | add back sample spamd(8) rules, converted appropriately; ok henning@ | Todd T. Fries | |
2009-09-01 | todd reminded me we need to adjust this too | Henning Brauer | |
2009-06-10 | pf should block the port range allocated by net.inet.tcp.baddynamic | Igor Sobrado | |
for the X protocol instead of port 6000 only; this way pf provides the same protection level to all X servers. ok sthen@; "I am convinced that 6000-6010 is acceptable for blocking in pf" deraadt@, "i'd thought of something similar" oga@ | |||
2009-05-30 | shorter, ok theo | Henning Brauer | |
2009-05-30 | we want pass, not pass in, so we get state for all connections | Henning Brauer | |
2009-04-26 | remove "set require-order no", it is now the default | Stuart Henderson | |
2009-04-20 | do NOT set defaults to their default here | Theo de Raadt | |
2009-04-06 | reassembly works different now | Henning Brauer | |
2009-02-23 | A newruleset that contains actual blocks people can use if they | Theo de Raadt | |
uncomment them. this is no longer a sample. everything in here now must be completely legit. discussed at length with henning, claudio, and sthen ok sthen | |||
2008-05-09 | now we also need the anchor "relayd/*" in addition to the rdr-anchor. | Reyk Floeter | |
ok pyr@ | |||
2008-04-02 | no more /usr/share/pf; pointed out by Rod Whitworth | Jason McIntyre | |
2008-02-29 | add configuration examples to the default pf.conf file (commented out): | Reyk Floeter | |
- rdr-anchor "relayd/*": the anchor used by relayd to load redirections into pf. - pass in on $ext_if proto icmp to ($ext_if): it is a bad habit to block icmp, this example proposes to allow it by default. ok henning@ | |||
2007-02-24 | Make greylisting the default when spamd is enabled. Uses the new -g flag | Todd C. Miller | |
for spamd-setup. OK beck@ | |||
2006-10-24 | kill extra spaces | David Krause | |
2006-10-07 | 'keep state' is now default, and use 'no state' where intended. | Ryan Thomas McBride | |
2006-01-30 | update for new ftp-proxy | Camiel Dobbelaar | |
ok henning@ | |||
2006-01-26 | set skip is no good idea on int_if in this sample rulseset that also | Henning Brauer | |
has a rdo on $int_if that stops working then. pt out by cedric | |||
2005-08-23 | replace the "pass quick" example line for loopback and the inner interface | Henning Brauer | |
with a set skip statement to the same effect, performs way better suggested by Stuart Henderson <stu@spacehopper.org>, theo ok | |||
2004-04-29 | reminder to set net.inet.ip.forwarding/net.inet6.ip6.forwarding in sysctl.conf | Mike Frantzen | |
ok cedric@ mcbride@ | |||
2004-03-02 | Simplify pf.conf, provide sample rules for greylisting. | Cedric Berger | |
ok beck@, input from many. | |||
2004-02-26 | add src.track timeout and src-nodes limit | David Krause | |
ok mcbride@ | |||
2004-01-29 | sync pf.conf example with spamd(8); ok deraadt@ | Todd T. Fries | |
2003-12-05 | put back lo1 | David Krause | |
requested by deraadt@ | |||
2003-12-05 | lo1 no longer exists by default so don't try to use it in examples | David Krause | |
ok henning@ | |||
2003-11-18 | add a commented out 'set debug' default | David Krause | |
ok henning@ | |||
2003-09-02 | add set fingerprints example | David Krause | |
ok deraadt@ henning@ frantzen@ | |||
2003-06-17 | add adaptive, interval, and frag timeouts to pf.conf and BNF | David Krause | |
ok henning@ dhartmei@ | |||
2003-03-24 | Add comments, mostly borrowed from ftp-proxy(8), showing how to set up up. | Ian Darwin | |
Improved & OK'd by dhartmei@, david@, millert@. | |||
2003-03-11 | remove extra # | David Krause | |
ok henning@ | |||
2003-02-28 | much-needed update to include examples for all seven types of statements | David Krause | |
queueing and table examples are from the fosdem2k3 presentation spamd rdr simplification from henning@ ok dhartmei@ henning@ | |||
2003-02-14 | spamd now uses tables (these load MUCH faster on my ss2); ok deraadt | Jason Wright | |
2002-12-30 | #set limit states unlimited -> 10000, as unlimited is not valid syntax. | Daniel Hartmeier | |
2002-12-23 | default optimization is "normal", not "default" | Henning Brauer | |
2002-12-23 | missing } | Henning Brauer | |
2002-12-23 | -list options with default values | Henning Brauer | |
-correct order -various spelling/grammar/consistency from David Krause with feedback from dhartmei@ | |||
2002-12-21 | sample spamd stuff | Theo de Raadt | |
2002-12-19 | indent so it is more clear, add spews thing | Theo de Raadt | |
2002-12-13 | kill whitespace at EOL; David Krause | Henning Brauer | |
2002-11-24 | make the example parseable (quotes around macros) | Philipp Buehler | |
from sam smith, thx henning@ ok | |||
2002-11-16 | Use macros in sample file, ok dhartmei@ | Ian Darwin | |
2002-06-27 | spell. | Federico G. Schwindt | |
2002-06-22 | add a commented out scrub example | Henning Brauer | |
ok frantzen@ | |||
2002-06-17 | merge nat.conf here as well | Henning Brauer | |
add more simple filter rule examples "commit it" deraadt@ | |||
2001-11-16 | The implicit pass rules come first, not last. Spotted by alec@dtkco.com. | Daniel Hartmeier | |
2001-06-26 | Point to pf.conf(5) and nat.conf(5) for help | smart | |
2001-06-26 | change default pf configuration files to pf.conf and nat.conf. ok theo | Kjell Wooding | |