| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2002-07-24 | spaces | Theo de Raadt | |
| 2002-07-24 | clean up docs a bit | Theo de Raadt | |
| 2002-07-07 | typos/grammar/better words | Jan-Uwe Finck | |
| in comments. | |||
| 2002-07-03 | KNF | Theo de Raadt | |
| 2002-06-17 | nat.conf(5) no longer exist, reference to pf.conf(5) instead | Peter Valchev | |
| 2002-06-16 | Some nat.conf(5) -> pf.conf(5) changes. | Miod Vallat | |
| Some nat.conf(5) references remain in the text, since it looks better than .Pa /etc/nat.conf and there is still a softlink. | |||
| 2002-06-09 | no newlines in syslog | Bob Beck | |
| 2002-06-08 | add example using per-user pf rules to allow backchannel connections | Bob Beck | |
| to the proxy. | |||
| 2002-05-23 | KNF during an audit; found an improperly initialized sockaddr | Theo de Raadt | |
| 2002-05-19 | o End a sentence with a period, not a comma; Hans-Joerg Hoexer | Todd C. Miller | |
| o Start all sentences on a new line (me) | |||
| 2002-03-27 | We need ftp-proxy only on loopback. | Mike Pechkin | |
| todd@, beck@ ok | |||
| 2002-03-12 | Pass full length to strlcat(). From Brian Poole. | Daniel Hartmeier | |
| 2002-02-15 | Fix memory leak in get_proxy_env(). | Mike Pechkin | |
| deraadt@ ok | |||
| 2002-02-01 | missing period | Jun-ichiro itojun Hagino | |
| 2002-01-10 | print proper host name for the proxy's peer; bob ok | Michael Shalayeff | |
| 2001-12-14 | RFC 959 wasn't clear about what happens around a PASV reply, and in | Bob Beck | |
| fact RFC 1123 does say that it may not contain parenthesis, and you just have to look at the end of the line. Tholo managed to find a TOPS20 ftp server (toad.xkl.com) that doesn't put parens around the reply - This fixes it so it will handle either case. | |||
| 2001-12-07 | kill more registers; | Mike Pechkin | |
| millert@ ok | |||
| 2001-12-06 | comment typo, and $OpenBSD$ (thanks pval) | Bob Beck | |
| 2001-12-06 | Fix realloc in getline so we exit on failure - in this context it's silly | Bob Beck | |
| to try to continue and hold on to the same memory if we can't get memory to hold a control command. log and fail instead. (absurdity spotted by theo) | |||
| 2001-12-06 | use .Nm more | Theo de Raadt | |
| 2001-12-06 | don't use "you" in a man page. | Bob Beck | |
| 2001-12-06 | *** empty log message *** | Bob Beck | |
| 2001-12-05 | typo | Daniel Hartmeier | |
| 2001-12-05 | Explain that filter rules need to let pass connections to the proxy ports | Daniel Hartmeier | |
| in, why this is so, and how it's done. | |||
| 2001-12-03 | Ignore leading whitespace in commands. From Frank Denis. Closes PR 2226. | Daniel Hartmeier | |
| 2001-12-03 | Remove the last line, pf does support IPv6 now. | Daniel Hartmeier | |
| From Dries Schellekens. Closes PR 2221. | |||
| 2001-10-10 | fix multi-line contunuations - ok deraadt@ | Bob Beck | |
| 2001-09-21 | Drop privs to named group, not group with same name as user. | Bob Beck | |
| noticed by itojun, thanks. fries, you need to catch this for what you're using with faithd | |||
| 2001-09-15 | IPv6 support from Ryan McBride (mcbride@countersiege.com) | Mike Frantzen | |
| 2001-09-05 | -Make ftp-proxy drop privs to user "proxy" by default. | Bob Beck | |
| *WARNING* this means that it will die when it can't find user proxy if you are not running with a passwd database generated from current - Speling cleanup and missing va_end() noticed by <d.doroshenko@omnitel.net> - fix logging of getpwnam|getgrnam failures. | |||
| 2001-09-05 | s/pf_natlook/pfioc_natlook (ioctl parameter struct) | Daniel Hartmeier | |
| 2001-08-28 | remove unneeded code (this is done later) | Bob Beck | |
| 2001-08-28 | oh, some cleanups etc etc | Theo de Raadt | |
| 2001-08-22 | oops | Bob Beck | |
| 2001-08-22 | Fixes for my worst abuses of nroff from mpech@ | Bob Beck | |
| Add a sentence at the start for espie in dumb user mode :) | |||
| 2001-08-22 | Duh. | Bob Beck | |
| 2001-08-22 | -Functionify some of the main loop, so it isn't so horrificly deep and is | Bob Beck | |
| a bit easier to look at, for small values of easier. -Add two options for -u user and -g group to optionally make the proxy drop privs after doing it's pf ioctl's to find out where to go. Running as non root does mean that the PORT and EPRT backchannels do not come from port 20, but this isn't a problem for most sensible ftp clients and sets of packet filter rules that aren't written by a knuckle dragging ape living in the 90's. I would make it drop privs by default, but technically this breaks the ftp specs, and for the upcoming stuff to deal with EPRT, we will need root privs to manipulate rdr rules). | |||
| 2001-08-19 | unsmokecrack - thanks millert | Bob Beck | |
| 2001-08-19 | decruftify with prejudice | Bob Beck | |
| 2001-08-19 | decruftify | Bob Beck | |
| 2001-08-19 | Argh. I must be wearing a stupid sign today | Bob Beck | |
| 2001-08-19 | bye bye atoi. | Bob Beck | |
| 2001-08-19 | oops | Bob Beck | |
| 2001-08-19 | I'm a knuckle-dragging moron, the fd_set is overflowable - make it so | Bob Beck | |
| it isn't. | |||
| 2001-08-19 | 1564 lines of cleanup | Theo de Raadt | |
| 2001-08-19 | KNF | Bob Beck | |
| 2001-08-19 | gratuitous KNFism's, don't have it looking like it's your first day | Bob Beck | |
| with your new crack pipe | |||
| 2001-08-19 | transparent ftp proxy, based on Obtuse Systems juniper stuff with much | Bob Beck | |
| modernizing and cleanup. still needs looking at. Currently supports PORT PASV EPRT data connections with only a pf rdr to capture the control connection. (I.E. you don't need ip forwarding or other NAT stuff). Runs from inetd. Supports all passive (EPSV PASV) when using -n flag, where the proxy ignores passive mode data connections (and assumes nat will get them through). Todo yet: More audit IpV6 Handle EPSV in proxy (with an rdr added then removed) Option to Daemonize and bind only to the loopback More Content/Login filtering, etc. etc. and more bloat | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |