summaryrefslogtreecommitdiff
path: root/sbin/pfctl/parse.y
AgeCommit message (Expand)Author
2010-12-31According to pf_scrub_ip6() pf does not support the scrub optionsAlexander Bluhm
2010-12-15make the "invalid probability:" yyerror suck lessHenning Brauer
2010-12-01remove some unused tokensJonathan Gray
2010-09-24remove the check that enforced rdr-to only inbound and nat-to only outbound.Henning Brauer
2010-09-22new log opt "matches"Henning Brauer
2010-09-02remove trailing spaces and tabs; no binary change.Igor Sobrado
2010-08-03fix linecount bug with comments spanning multiple linesHenning Brauer
2010-07-03Fix a couple of problems with printing of anchors, in particular recursiveRyan Thomas McBride
2010-03-23remove -A, -O, -R and -T loadHenning Brauer
2010-01-13Move tokens before productions into more consistant placesTheo de Raadt
2010-01-13Allow /netmask notation in redir spec, fix the rest of the regressRyan Thomas McBride
2010-01-12We actually have to keep the translate/route spec addresses around afterRyan Thomas McBride
2010-01-12Set roundrobin flag correctly, and don't treat a bare interfaceRyan Thomas McBride
2010-01-12Add restrictions to make @if illegal in outside of routing specs;Ryan Thomas McBride
2010-01-12Fix some issues in redir spec handling, discovered thanks to dlg testingRyan Thomas McBride
2010-01-12Don't leak @if0 format routing host names, pointed out by claudio.Ryan Thomas McBride
2010-01-12First pass at removing the 'pf_pool' mechanism for translation and routingRyan Thomas McBride
2010-01-10lex <=, >=, and != into a single token for correctness and to reduce theTheo de Raadt
2010-01-10In the non-optimized case, an address list containing "any" (ie. { any 10.0.0...Theo de Raadt
2009-12-24spelling fixes, from Brad Tilley; we will not fix src/sbin/dump/dump.hIgor Sobrado
2009-12-24add support to pf for filtering a packet by the interface it was receivedDavid Gwynne
2009-12-10plug some memory leaks; found by parfait, ok henningTheo de Raadt
2009-11-22cleanup after the NAT changes. we used to have multiple rulesets (scrub,Henning Brauer
2009-11-09A few more places to be updated for the route pool change.Jonathan Gray
2009-10-28Add a dedicated pf pool for route options as suggested by henning,Jonathan Gray
2009-10-28route_host initializes the netmask to a /128 no matter what af is used soClaudio Jeker
2009-10-28Correct function name in err and errx.Claudio Jeker
2009-10-04Add (again) support for divert sockets. They allow you to:Michele Marchetto
2009-09-08I had not enough oks to commit this diff.Michele Marchetto
2009-09-08Add support for divert sockets. They allow you to:Michele Marchetto
2009-09-07implement binat-to as a macro-like rule: a rule using the new binat-toReyk Floeter
2009-09-03this time i commit the right diff that wasReyk Floeter
2009-09-03fix two route-to vs. rdr-to conflicts.Reyk Floeter
2009-09-02all the new *-to options are part of the "filteropts" section at theReyk Floeter
2009-09-01the diff theo calls me insanae for:Henning Brauer
2009-07-28Bring back rev. 1.560:Claudio Jeker
2009-07-27When will people learn to commit their .h file changes?Theo de Raadt
2009-07-27Make it possible to use DiffServ Code Point in the TOS fields. Names likeClaudio Jeker
2009-05-14actually change the require-order default to No; I missed a part withStuart Henderson
2009-04-26switch the require-order default to "no". regression tests still pass.Stuart Henderson
2009-04-25scrub_opts must not be empty, scrub on its own does nothing.Henning Brauer
2009-04-061) scrub rules are completely gone.Henning Brauer
2009-02-19spacingTheo de Raadt
2008-10-17in findeol(), do not skip the pushback buffer. fixes PR 5952 by sthen@ andHenning Brauer
2008-10-02implement "set state-defaults X", where X is a list of state options asHenning Brauer
2008-09-10do not try to print $$ when it has not been setTheo de Raadt
2008-09-09welcome pflow(4), a netflow v5 compatible flow export interface.Henning Brauer
2008-08-07correctly copy the log interface spec when expanding an antispoof rule thatHenning Brauer
2008-07-03do not forget to initialize other member of $$ in qname; noted by mark shroyerTheo de Raadt
2008-06-10Make counters on table addresses optional and disabled by default.Ryan Thomas McBride