summaryrefslogtreecommitdiff
path: root/sbin/pfctl/parse.y
AgeCommit message (Expand)Author
2003-09-01KNFHenning Brauer
2003-08-28This change is busted. what's worse, REGRESSION TESTS WOULD HAVE CAUGHT IT!Kjell Wooding
2003-08-26catch port/user/group a <>/>< b with a >= b, from mpech@Daniel Hartmeier
2003-08-25catch return-rst ttl values > 255, from aaron@Daniel Hartmeier
2003-08-24Tweaks:Cedric Berger
2003-08-22pf spelling policeDavid Krause
2003-08-21Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.Mike Frantzen
2003-08-20braindeadness police: catch queues which specify itself as child... 'nuff saidHenning Brauer
2003-08-20err out nicer on errors in queue defHenning Brauer
2003-08-18catch max-mss values > 65535, report by Gregory SteuckDaniel Hartmeier
2003-08-09This patch remove the restriction that tables cannot be used in routing orCedric Berger
2003-07-29indentTheo de Raadt
2003-07-19Simplify struct pf_pooladdr to include struct pf_addr_wrap directlyCedric Berger
2003-07-18Simplify handling of flags (-R, -N...). Remove PFCTL_FLAG_ALL.Cedric Berger
2003-07-15Repair memory managment in table parsing code.Cedric Berger
2003-07-14tpoDaniel Hartmeier
2003-07-11Better parsing and -v support for tables:Cedric Berger
2003-07-10Fix merging of host lists.Cedric Berger
2003-07-04KNF after cedric (grmpf)Henning Brauer
2003-07-04allow for a "pass" modifier on translation rules:Henning Brauer
2003-07-03Bye bye atexit(), bye bye globals...Cedric Berger
2003-07-03This patch finally cleanup pfctl_table.c. No more global buffer,Cedric Berger
2003-06-19knfTheo de Raadt
2003-06-18change expand_label_addr() to use a switch (h->addr.type) instead ofHenning Brauer
2003-06-18when expanding the $srcaddr/$dstaddr label macros and the address is actuallyHenning Brauer
2003-06-09Attempt to resolve byte order confusion in nat code once and for all.Ryan Thomas McBride
2003-05-25must not run check_netmask() before remove_invalid_hosts() - binat case had itHenning Brauer
2003-05-19reject invalid netmasks like 10.0.0.0/68, and fix up the netmask forHenning Brauer
2003-05-19all host() receivers have to test for NULLHenning Brauer
2003-05-19if host() returns NULL, it is an error, so err the fuck out and don'tHenning Brauer
2003-05-17support inverse matching on tags likeHenning Brauer
2003-05-16TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can useDaniel Hartmeier
2003-05-15properly complain about too long tagsHenning Brauer
2003-05-14add scrub modifier "reassemble tcp" to turn on stateful TCP normalizationsMike Frantzen
2003-05-14tagging on binatHenning Brauer
2003-05-14enabled tagging on rdr rulesHenning Brauer
2003-05-14with tag/tagged given, only whine about missing keep state on pass rulesHenning Brauer
2003-05-14allow SCRUB rules to specify protocol again. broken sometime in the past.Mike Frantzen
2003-05-14tags on nat rules:Henning Brauer
2003-05-13make sure tagging is only ever used with stateful filter rulesHenning Brauer
2003-05-13userland part for tagging.Henning Brauer
2003-05-11Don't ntohs() the translation port for nat as it is already in host byte order.Ryan Thomas McBride
2003-05-10support loading of anchors from within the main ruleset viaHenning Brauer
2003-05-03don't free() the char * carrying the rule label too earlyHenning Brauer
2003-05-01ease label handlingHenning Brauer
2003-05-01allow label on antispoof; requested by Gregor Binder <gbinder at sysfive.com>Henning Brauer
2003-04-30Allow tables to be loaded into anchors.Cedric Berger
2003-04-25Properly copy the second part of nat proxy port range, when specified.Daniel Hartmeier
2003-04-15pass down the unparsed queue opts (struct node_queue_opt) toHenning Brauer
2003-04-14let print_altq and print_queue take a struct node_queue_bw parameter insteadHenning Brauer
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-27 21:51:37 +0000