Age | Commit message (Collapse) | Author | |
---|---|---|---|
2003-01-31 | typos; | Jason McIntyre | |
eeprom(8): added .Ar to fields, removed references to sun3 sshd(8): help and ok markus@ help and ok millert@ | |||
2003-01-26 | Removing leading spaces can result in a failure with multiline commands. Ok ↵ | Damien Couderc | |
millert. | |||
2003-01-23 | Honour TCP_WRAPPERS mk.conf setting; ok millert@ | Damien Miller | |
2002-12-21 | better example rules from David Krause, Thanks! | Henning Brauer | |
ok dhartmei@ | |||
2002-12-19 | various tweaks. someone mailed in a huge diff that was so wrong in so | Theo de Raadt | |
many ways, and i wasted 2 hours finding the gems in it... | |||
2002-12-19 | accidental commit | Theo de Raadt | |
2002-12-19 | missing .Pp | Theo de Raadt | |
2002-12-01 | typo; David Krause | Henning Brauer | |
2002-11-27 | I fucked up. The manpage was correct before my last commit. | Henning Brauer | |
noticed by Daniel. To unconfuse it a bit, add a little clarification. ok dhartmei@ | |||
2002-11-27 | corrections and clarifications from Han Boetes <han at mijncomputer dot nl> | Henning Brauer | |
Thanks! | |||
2002-10-11 | Add 'proto tcp' to example rdr rule, it's required now. | Daniel Hartmeier | |
Found by grange@efnet. | |||
2002-10-04 | use port 8021 in examples | Henning Brauer | |
inspired by a PR from rjmooney@aboveground.cx ok deraadt@ | |||
2002-10-04 | improvements; rjmooney@aboveground.cx | Theo de Raadt | |
2002-07-24 | spaces | Theo de Raadt | |
2002-07-24 | clean up docs a bit | Theo de Raadt | |
2002-07-07 | typos/grammar/better words | Jan-Uwe Finck | |
in comments. | |||
2002-07-03 | KNF | Theo de Raadt | |
2002-06-17 | nat.conf(5) no longer exist, reference to pf.conf(5) instead | Peter Valchev | |
2002-06-16 | Some nat.conf(5) -> pf.conf(5) changes. | Miod Vallat | |
Some nat.conf(5) references remain in the text, since it looks better than .Pa /etc/nat.conf and there is still a softlink. | |||
2002-06-09 | no newlines in syslog | Bob Beck | |
2002-06-08 | add example using per-user pf rules to allow backchannel connections | Bob Beck | |
to the proxy. | |||
2002-05-23 | KNF during an audit; found an improperly initialized sockaddr | Theo de Raadt | |
2002-05-19 | o End a sentence with a period, not a comma; Hans-Joerg Hoexer | Todd C. Miller | |
o Start all sentences on a new line (me) | |||
2002-03-27 | We need ftp-proxy only on loopback. | Mike Pechkin | |
todd@, beck@ ok | |||
2002-03-12 | Pass full length to strlcat(). From Brian Poole. | Daniel Hartmeier | |
2002-02-15 | Fix memory leak in get_proxy_env(). | Mike Pechkin | |
deraadt@ ok | |||
2002-02-01 | missing period | Jun-ichiro itojun Hagino | |
2002-01-10 | print proper host name for the proxy's peer; bob ok | Michael Shalayeff | |
2001-12-14 | RFC 959 wasn't clear about what happens around a PASV reply, and in | Bob Beck | |
fact RFC 1123 does say that it may not contain parenthesis, and you just have to look at the end of the line. Tholo managed to find a TOPS20 ftp server (toad.xkl.com) that doesn't put parens around the reply - This fixes it so it will handle either case. | |||
2001-12-07 | kill more registers; | Mike Pechkin | |
millert@ ok | |||
2001-12-06 | comment typo, and $OpenBSD$ (thanks pval) | Bob Beck | |
2001-12-06 | Fix realloc in getline so we exit on failure - in this context it's silly | Bob Beck | |
to try to continue and hold on to the same memory if we can't get memory to hold a control command. log and fail instead. (absurdity spotted by theo) | |||
2001-12-06 | use .Nm more | Theo de Raadt | |
2001-12-06 | don't use "you" in a man page. | Bob Beck | |
2001-12-06 | *** empty log message *** | Bob Beck | |
2001-12-05 | typo | Daniel Hartmeier | |
2001-12-05 | Explain that filter rules need to let pass connections to the proxy ports | Daniel Hartmeier | |
in, why this is so, and how it's done. | |||
2001-12-03 | Ignore leading whitespace in commands. From Frank Denis. Closes PR 2226. | Daniel Hartmeier | |
2001-12-03 | Remove the last line, pf does support IPv6 now. | Daniel Hartmeier | |
From Dries Schellekens. Closes PR 2221. | |||
2001-10-10 | fix multi-line contunuations - ok deraadt@ | Bob Beck | |
2001-09-21 | Drop privs to named group, not group with same name as user. | Bob Beck | |
noticed by itojun, thanks. fries, you need to catch this for what you're using with faithd | |||
2001-09-15 | IPv6 support from Ryan McBride (mcbride@countersiege.com) | Mike Frantzen | |
2001-09-05 | -Make ftp-proxy drop privs to user "proxy" by default. | Bob Beck | |
*WARNING* this means that it will die when it can't find user proxy if you are not running with a passwd database generated from current - Speling cleanup and missing va_end() noticed by <d.doroshenko@omnitel.net> - fix logging of getpwnam|getgrnam failures. | |||
2001-09-05 | s/pf_natlook/pfioc_natlook (ioctl parameter struct) | Daniel Hartmeier | |
2001-08-28 | remove unneeded code (this is done later) | Bob Beck | |
2001-08-28 | oh, some cleanups etc etc | Theo de Raadt | |
2001-08-22 | oops | Bob Beck | |
2001-08-22 | Fixes for my worst abuses of nroff from mpech@ | Bob Beck | |
Add a sentence at the start for espie in dumb user mode :) | |||
2001-08-22 | Duh. | Bob Beck | |
2001-08-22 | -Functionify some of the main loop, so it isn't so horrificly deep and is | Bob Beck | |
a bit easier to look at, for small values of easier. -Add two options for -u user and -g group to optionally make the proxy drop privs after doing it's pf ioctl's to find out where to go. Running as non root does mean that the PORT and EPRT backchannels do not come from port 20, but this isn't a problem for most sensible ftp clients and sets of packet filter rules that aren't written by a knuckle dragging ape living in the 90's. I would make it drop privs by default, but technically this breaks the ftp specs, and for the upcoming stuff to deal with EPRT, we will need root privs to manipulate rdr rules). |