summaryrefslogtreecommitdiff
path: root/sbin/pfctl/parse.y
AgeCommit message (Expand)Author
2003-05-25must not run check_netmask() before remove_invalid_hosts() - binat case had itHenning Brauer
2003-05-19reject invalid netmasks like 10.0.0.0/68, and fix up the netmask forHenning Brauer
2003-05-19all host() receivers have to test for NULLHenning Brauer
2003-05-19if host() returns NULL, it is an error, so err the fuck out and don'tHenning Brauer
2003-05-17support inverse matching on tags likeHenning Brauer
2003-05-16TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can useDaniel Hartmeier
2003-05-15properly complain about too long tagsHenning Brauer
2003-05-14add scrub modifier "reassemble tcp" to turn on stateful TCP normalizationsMike Frantzen
2003-05-14tagging on binatHenning Brauer
2003-05-14enabled tagging on rdr rulesHenning Brauer
2003-05-14with tag/tagged given, only whine about missing keep state on pass rulesHenning Brauer
2003-05-14allow SCRUB rules to specify protocol again. broken sometime in the past.Mike Frantzen
2003-05-14tags on nat rules:Henning Brauer
2003-05-13make sure tagging is only ever used with stateful filter rulesHenning Brauer
2003-05-13userland part for tagging.Henning Brauer
2003-05-11Don't ntohs() the translation port for nat as it is already in host byte order.Ryan Thomas McBride
2003-05-10support loading of anchors from within the main ruleset viaHenning Brauer
2003-05-03don't free() the char * carrying the rule label too earlyHenning Brauer
2003-05-01ease label handlingHenning Brauer
2003-05-01allow label on antispoof; requested by Gregor Binder <gbinder at sysfive.com>Henning Brauer
2003-04-30Allow tables to be loaded into anchors.Cedric Berger
2003-04-25Properly copy the second part of nat proxy port range, when specified.Daniel Hartmeier
2003-04-15pass down the unparsed queue opts (struct node_queue_opt) toHenning Brauer
2003-04-14let print_altq and print_queue take a struct node_queue_bw parameter insteadHenning Brauer
2003-04-13KNFHenning Brauer
2003-04-13prevent double service curve specificationHenning Brauer
2003-04-13add support for the HFSC linkshare, realtime, and upperlimit service curvesHenning Brauer
2003-04-13unbreak (missing })Daniel Hartmeier
2003-04-13say bye bye to hfscflags_list and hfscflags_itemHenning Brauer
2003-04-13new struct node_hfsc_opts for, surprise, hfsc options. needed because theyHenning Brauer
2003-04-13pass down the struct node_queue_opts from the altqif/queuespec yacc targetsHenning Brauer
2003-04-13move the structs node_queue_bw and node_queue_opt to pfctl_parser.h.Henning Brauer
2003-04-13move the bandwidth keyword from within the bandwidth target up to theHenning Brauer
2003-04-12initial support for the HFSC scheduler.Henning Brauer
2003-04-11KNFHenning Brauer
2003-04-11don't set r->qid and r->pqid in expand_rule any more, queue name -> queue IDHenning Brauer
2003-04-07Catch and refuse invalid icmp codes (> 255). ok pb@, mpech@.Daniel Hartmeier
2003-04-05ease netmask handling a bitHenning Brauer
2003-04-05allow queue specs to be limited to certain interfaces.Henning Brauer
2003-04-05whitespace KNFHenning Brauer
2003-04-04clean up:Henning Brauer
2003-03-27lotsa const char *Henning Brauer
2003-03-27introduce a "yesno" target. eases code a bit and yes is no keyword any more.Henning Brauer
2003-03-27handle invalid priq/cbq flags better and give a nice error messageHenning Brauer
2003-03-27default, borrow, ecn, red and rio are no keywords any more. use STRING andHenning Brauer
2003-03-27switch symset/symget to TAILQ instead of using hand baked listsHenning Brauer
2003-03-19kill the address token and move the host() invocation up to the host token,Henning Brauer
2003-03-10correctly cope with errors returned by eval_pfqueue and pfctl_add_altqHenning Brauer
2003-03-10when complaining about a queue wiwthout parent, include the queue name inHenning Brauer
2003-03-09cope with LOOP_THROUGH modifying the lis (queues).Henning Brauer
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-13 08:44:00 +0000