Age | Commit message | Author | |
---|---|---|---|
2001-11-05 | no one responds. this diff makes } and { not be part of symbols | Theo de Raadt | |
2001-10-24 | Check interface names using ifa0_lookup() and print error message for non-existent interfaces (instead of the generic ioctl error returned by the kernel in this case). | Daniel Hartmeier | |
2001-10-15 | Add 'allow-opts' to rules. Packets with IP options will be blocked by default now, and can be allowed per rule. ok deraadt@ | Daniel Hartmeier | |
2001-10-11 | Don't htonl() past buffer bounds if ipmask == 128 | Mike Frantzen | |
2001-10-07 | Add interface name to address translation to pfctl, document it and add a regress test. Translation is done on rule set load-time only, so the rule sets must be reloaded when an interface address changes. parse.y patch from Cedric Berger. Similar patch from Jonathon Fletcher. Thanks to both. | Daniel Hartmeier | |
2001-10-01 | print variable assignments only if -v is given. ok dhartmei/deraadt | Markus Friedl | |
2001-09-28 | Support underscores in macro names and document it in the man page. | Daniel Hartmeier | |
2001-09-20 | Fix uninitialized structure fields. Problem reported by Cedric Berger. | Daniel Hartmeier | |
2001-09-15 | Implement return-icmp(number), return-icmp6(number). Differentiate between return-icmp and return-icmp6, icmp-type and ipv6-icmp-type. ok dhartmei@ | Peter Stromberg | |
2001-09-15 | Fix 'binat ... to any ...' (binat.af wasn't set). | Daniel Hartmeier | |
2001-09-15 | Parse bug, found by wilfried@ | Daniel Hartmeier | |
2001-09-15 | IPv6 support from Ryan McBride (mcbride@countersiege.com) | Mike Frantzen | |
2001-09-12 | check calloc() return value | Markus Friedl | |
2001-09-06 | - you can only binat between hosts - add binat example and description | jasoni | |
2001-09-06 | 1:1 bidirectional NAT (binat); ok dhartmei@ and frantzen@ | jasoni | |
2001-09-04 | Support parameter lists {} for interfaces in filter rules, like `pass in on { gm0, kue0 } from any to any` | Daniel Hartmeier | |
2001-08-28 | move '!' from host_list to host: "xhost : '!' host \| host;"; ok dhartmei@ | Markus Friedl | |
2001-08-28 | check for malloc/strdup == NULL | Markus Friedl | |
2001-08-28 | Support ! operator in host parameter lists. Fixes PR system/2030. Reported by Kamil Andrusz <wizz@mniam.net>. | Daniel Hartmeier | |
2001-08-26 | sort keywords | Theo de Raadt | |
2001-08-25 | PF ISN randomization. Or in trekkie techno-babble, ISN phase modulation. | Mike Frantzen | |
2001-08-23 | o for a port_item, initialize the "next" pointer to NULL o for an address, use calloc() instead of malloc() so the struct is zeroed. Fixes a SEGV in pfctl due to uninitialized "next" pointers. | Todd C. Miller | |
2001-08-23 | Support var="string". Expansion (at lex time) done using $var, for instance: `okproto="{ssh, smtp, domain, auth}"` `pass in on key0 proto tcp from any to any port $okproto keep state` Can I ask someone else to document this in pf.conf(5)? | Theo de Raadt | |
2001-08-19 | Add parameter list support to parser. Handles lists for protocol, hosts and ports in filter rules, like `block in from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } to any` `pass in proto tcp from any to any port { ssh, 1024 >< 2000, > 65000 }` `block in proto { udp, igmp }` and does rule expansion (generate all needed rule combinations). | Daniel Hartmeier | |
2001-08-16 | track the line number per-token, so that we can report errors correctly | Theo de Raadt | |
2001-08-14 | optimize the flags parsing; markus@ ok | Michael Shalayeff | |
2001-08-11 | \+\n support, and spit out cc-style error messages. the parser's line counting is lex dependent, and will need to be tweaked | Theo de Raadt | |
2001-07-31 | allow to test that flags are unset, ok dhartmei@, mickey@ | Peter Stromberg | |
2001-07-19 | Fix/complete the handling of the binary ops >< and <> to behave like the ipf operators. The 'n >< m' construct (Include Range = PF_OP_IRG) should match ports greater than n and less than m, not greater than or equal to n and less than or equal to m. The 'n <> m' construct (Exclude Range = PF_OP_XRG) should match all ports less than n OR greater than m, not be treated as an alias for ><. Thus PF_OP_GL, which was used for both <> and >< is replaced with PF_OP_IRG and PF_OP_XRG with the 'correct' semantics. OK dhartmei@ | Kenneth R Westerback | |
2001-07-18 | new ERROR token, errx() -> warnx() + ERROR; ok deraadt@ | Markus Friedl | |
2001-07-18 | KNF for return | Markus Friedl | |
2001-07-18 | check number range to fit in 32 bits | Michael Shalayeff | |
2001-07-18 | put range checks on NUMBER, pointed out by deraadt | Michael Shalayeff | |
2001-07-17 | spaces, parens, err instead of errx+strerror | Michael Shalayeff | |
2001-07-17 | warnx()/YYERROR instead of errx(); suggested by mickey@ | Markus Friedl | |
2001-07-17 | markus doesn't like min-ttl =, begone | Niels Provos | |
2001-07-17 | support min-ttl, okay dhartmei@ | Niels Provos | |
2001-07-17 | normalize ip_off, make IP_DF stripping optional, return rst is a flag now. okay markus@ | Niels Provos | |
2001-07-17 | bitch about ! in pf rule; ok dhartmei@ and markus@ | Marco S Hyman | |
2001-07-17 | Only set default proto in the rdr case; markus@ OK | Todd C. Miller | |
2001-07-16 | errx() if getservbyname() fails | Markus Friedl | |
2001-07-16 | better flags parsing; dhartmei | Markus Friedl | |
2001-07-16 | add a yacc parser for pf.conf and nat.conf, with help from mickey@, plus: -n now turns off all operations, and just parses the conf files; ok deraadt@ | Markus Friedl | |