summaryrefslogtreecommitdiff
path: root/sbin/pfctl/parse.y
AgeCommit message (Expand)Author
2004-09-21Implement "no scrub" to allow exclusion of specific traffic from scrub rules.Aaron Campbell
2004-06-29remove cedric's bogus interface name verification code.Henning Brauer
2004-06-29convert a few memcpy()s to strlcpy() so we don't copy uninitialized junk intoMike Frantzen
2004-06-26add back PF_INOUT, fixes reassemble tcpDavid Krause
2004-06-25repair tree nanobreak by the nanobumTheo de Raadt
2004-06-10rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reservedDaniel Hartmeier
2004-05-21Use '/' instead of ':' as separator for anchor path components. Note thatDaniel Hartmeier
2004-05-19Allow recursive anchors (anchors within anchors, up to 64Daniel Hartmeier
2004-04-24Add "probability xxx" rule modifier. ok deraadt@Cedric Berger
2004-04-22typo, From: Jared Yanovich <jjy2+@pitt.edu>Henning Brauer
2004-04-14make antispoof work with dynamic addresses. ok dhartmei@ mcbride@Cedric Berger
2004-03-20spelling fix; ok dhartmei@ henning@ deraadt@David Krause
2004-03-14#include fixes, from Max Laier, ok beck@ henning@Daniel Hartmeier
2004-03-08plug 124 memory leaksHenning Brauer
2004-03-06from bgpd:Henning Brauer
2004-03-01support "tagged <name>" on anchor rules, suggested by vd@vmunix.lt,Daniel Hartmeier
2004-02-24'max-src-nodes' requires 'source-track rule'. Set that automatically,Ryan Thomas McBride
2004-02-24fixup.Cedric Berger
2004-02-24Check for 'source-track rule' with 'max-src-nodes'.Ryan Thomas McBride
2004-02-11Fix interface clobbering for link-local addresses. Found by Pyun YongHyeon.Cedric Berger
2004-02-10KNFHenning Brauer
2004-02-10fix at leats the worst of Cedric "KNF is for everybody but me" Berger's fuckupHenning Brauer
2004-02-04Handle rules like 'pass ... proto { tcp udp icmp } ... modulate state'Ryan Thomas McBride
2004-02-03fix PR 3664 / jared r r spiegelHenning Brauer
2004-01-05few off by ones in strlcpy overflow check; Patrick LatifiHenning Brauer
2004-01-04don't ignore "!" on "binat on !foo". ok mcbride@Cedric Berger
2003-12-31spacing. note this, cedricTheo de Raadt
2003-12-31Many improvements to the handling of interfaces in PF.Cedric Berger
2003-12-30fix TAILQ abuse.Henning Brauer
2003-12-19i wrote much of these, assert my copyrightHenning Brauer
2003-12-19assert copyright. i rewrite much of thisTheo de Raadt
2003-12-16Check that max-src-states and max-src-nodes are not being set to 0.Ryan Thomas McBride
2003-12-15KNF here tooHenning Brauer
2003-12-15Whitespace.Ryan Thomas McBride
2003-12-15Add initial support for pf state synchronization over the network.Ryan Thomas McBride
2003-12-15Add support to track stateful connections by source ip. This allows usRyan Thomas McBride
2003-11-29allow ':' (range including boundaries) to be used whereever '><' (rangeDaniel Hartmeier
2003-11-22daniel stumbled over a broken regress test, and it turned out that I forgotHenning Brauer
2003-11-14allow the debuglevel to be set from pf.conf (set debug)Henning Brauer
2003-11-08Add 'no-sync' state option to prevent state transition messages for statesRyan Thomas McBride
2003-11-06and fix two err() that should be errx() while beeing hereHenning Brauer
2003-11-06need calloc hereHenning Brauer
2003-11-06allow the label macros to be used in tags as well.Henning Brauer
2003-10-21don't use NULL as (int)0. henning okJun-ichiro itojun Hagino
2003-09-26Rearchitecture of the userland/kernel IOCTL interface for transactions.Cedric Berger
2003-09-01KNFHenning Brauer
2003-08-28This change is busted. what's worse, REGRESSION TESTS WOULD HAVE CAUGHT IT!Kjell Wooding
2003-08-26catch port/user/group a <>/>< b with a >= b, from mpech@Daniel Hartmeier
2003-08-25catch return-rst ttl values > 255, from aaron@Daniel Hartmeier
2003-08-24Tweaks:Cedric Berger
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-30 15:24:25 +0000